Update your openSSL ( version 1.0.2f ) for any security issues

openssl

OpenSSL (Secure Sockets Layer) is a toolkit used in a Linux and Unix-like systems.Vulnerabilities such as Heartbleed or the new bug found just recently, allow a hacker to potentially weaken the encryption of the traveling information or even obtain the key. Decrypting the packets becomes much easier, and the information once again could be exposed. Thus the hackers can tap into any email communication, steal credit card numbers, and much more.

Which Linux distros are affected

RHEL version 6.x
RHEL version 7.x
CentoS Linux version 6.x
CentoS Linux version 7.x
Debian Linux stable (wheezy) 7.x
Ubuntu Linux 14.10
Ubuntu Linux 14.04 LTS
Ubuntu Linux 12.04 LTS
Ubuntu Linux 10.04 LTS

So how can I get rid of this Vulnerabilities ? I will explain you how can you update your openSSL patch and keep secure.

Step 01 : Check your openSSL version.

For CentOS/RHEL/SL/Fedora Linux

sudo yum list installed openssl

For Debian/Ubuntu Linux

sudo dpkg -l | egrep '^ii.*openssl'

Step 02 : Patch your openSSL version.

All commands have to run as root user.
For CentOS/RHEL/SL/Fedora Linux

sudo yum clean all
sudo yum update
sudo yum update openssl

All commands have to run as root user.
For Debian/Ubuntu Linux

sudo apt-get update
sudo apt-get upgrade

Step 03 : Reboot

Finally you need to restart your system.

sudo reboot

NOTE : If you don’t want to restart then you can check which service you want to restart.
The code is for debian/ubuntu.

checkrestart -v

Then if you find service name list restart it with this commands

sudo service restart SERVICE NAME GOES HERE restart

example : sudo service restart nginx restart

 

Other Method

Step 01 : Download the package

For HTTP Download : https://openssl.org/source/openssl-1.0.2f.tar.gz

For FTP Download : ftp://openssl.org/source/openssl-1.0.2f.tar.gz

Step 02 : Install OpenSSL

Use this command to install OpenSSL

./config --prefix=/usr \
--openssldir=/etc/ssl \
--libdir=lib \
shared \
zlib-dynamic &&
make

NOTE : you can test your result use “ make test ”

Step 03 : Static libraries

This step is optional. If you want to disable installing the static libraries use this command.

sed -i 's# libcrypto.a##;s# libssl.a##' Makefile

 Step 04 : shared libraries, compression/decompression

User have to use those commands by using root user

make MANDIR=/usr/share/man MANSUFFIX=ssl install &&
install -dv -m755 /usr/share/doc/openssl-1.0.2f &&
cp -vfr doc/* /usr/share/doc/openssl-1.0.2f

That’s all, You have updated new patch of openSSL. You can configure your openSSL using this commands.

/etc/ssl/openssl.cnf