Question
I am using apache2 server runing on a Ubuntu Server 12.04 LTS. In my apache2 conf file there is a host that looks like this.
IfModule mod_ssl.c>
VirtualHost *:443>
https://stackoverflow.com/questions/22977088
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian //Every configuration for the virtual host working fine.
/VirtualHost>
/IfModule>
I avoid using the "minor" sign since SO does not display the line containing it.
I cannot read "OpenSSL" anywhere. So my intuition says that I am not using it at all. So I should not worry about Heart bleed open SSL bug.
Am I right?
Thanks in advance.
Solution
From the command prompt do:
openssl version
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
Your config is using mod_ssl. Mod SSL is OpenSSL built for Apache.
If your server is public facing you can try something like this tool. http://filippo.io/Heartbleed/
