A new security hole, DROWN, has been discovered in the OpenSSL library, which websites use to offer HTTPS versions of their sites.
The attack, named DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), enables an old security protocol, SSLv2, to be used for attacking HTTPS websites.
OpenSSL 1.0.2g now available with DROWN bugfix
The OpenSSL team has issued new versions of their library. We recommend upgrading to OpenSSL version 1.0.2g as soon as possible.
The latest version of OpenSSL can be downloaded from https://www.openssl.org/
Here are the commands you need to execute on your server via your Secure Shell access (SSH):
$ cd ~
$ wget https://www.openssl.org/source/openssl-1.0.2g.tar.gz
$ tar xvfz openssl-1.0.2g.tar.gz
$ cd openssl-1.0.2g
$ ./config
$ make depend
$ make
$ sudo make install
The above commands download the OpenSSL source, then compile and install the newest version of OpenSSL.
To validate the install, execute the following commands:
$ openssl
OpenSSL> version
OpenSSL 1.0.2g 1 Mar 2016
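A host often ends up with more than one openssl binary after a source build, so the version check above is worth running against each copy. The script below is an added example, not part of the original post: it classifies every `openssl version` banner it finds against the fixed release 1.0.2g. The function names are hypothetical, and the extra search location /usr/local/ssl/bin assumes ./config was run without --prefix, as in the commands above.

```shell
#!/bin/sh
# Added example, not from the original post: report which openssl binaries
# are at or past the fixed release the page names, 1.0.2g.

FIXED_BRANCH="1.0.2"   # release branch the page's fix belongs to
FIXED_LETTERS="g"      # patch letter of the fixed release

# True when patch letters $1 are at or after $2 ("" < a..z < za..).
letters_ge() {
    LC_ALL=C awk -v a="$1" -v b="$2" 'BEGIN {
        if (length(a) != length(b)) exit !(length(a) > length(b))
        exit !(a >= b)
    }'
}

# classify_banner "OpenSSL 1.0.2g  1 Mar 2016"
# prints: patched | unpatched | other-branch | unparsed
classify_banner() {
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    ver=${ver%%-*}     # drop suffixes such as -fips or -beta1
    branch=$(printf '%s\n' "$ver" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)[a-z]*$/\1/p')
    if [ -z "$branch" ]; then echo unparsed; return; fi
    letters=${ver#"$branch"}
    if [ "$branch" != "$FIXED_BRANCH" ]; then
        echo other-branch   # the page names no fixed release for it
    elif letters_ge "$letters" "$FIXED_LETTERS"; then
        echo patched
    else
        echo unpatched
    fi
}

# Check every openssl binary on PATH plus the source build's default
# location (assumption: ./config was run without --prefix).
check_installed() {
    old_ifs=$IFS; IFS=:
    for dir in $PATH /usr/local/ssl/bin; do
        bin="$dir/openssl"
        [ -x "$bin" ] || continue
        banner=$("$bin" version 2>/dev/null) || continue
        printf '%-12s %s (%s)\n' "$(classify_banner "$banner")" "$bin" "$banner"
    done
    IFS=$old_ifs
}

check_installed
```

A binary reported as unpatched or other-branch earlier on PATH than the new build means the plain `openssl` command is still running the old copy.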