How to Fix DROWN security bug in OpenSSL

A new security hole, DROWN, has been discovered in the OpenSSL library, which websites use to offer HTTPS versions of their sites.

The attack, named DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), enables an old security protocol, SSLv2, to be used for attacking HTTPS websites.

OpenSSL 1.0.2g now available with DROWN bugfix

The OpenSSL team has issued new versions of their library. We recommend upgrading to OpenSSL version 1.0.2g as soon as possible.
The latest version of OpenSSL can be downloaded from https://www.openssl.org/

Here are the commands you need to execute on your server via your Secure Shell access (SSH):

$ cd ~
$ wget https://www.openssl.org/source/openssl-1.0.2g.tar.gz
$ tar xvfz openssl-1.0.2g.tar.gz
$ cd openssl-1.0.2g
$ ./config
$ make depend
$ make
$ sudo make install

The above commands download, compile and install the newest version of OpenSSL.

To validate the install, execute the following commands:

$ openssl
OpenSSL> version
OpenSSL 1.0.2g  1 Mar 2016
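
The version check above can be scripted, and it is worth running against every openssl binary on the machine: a source build of 1.0.2 installs under /usr/local/ssl by default, so the openssl found first on PATH may still be the old one. The script below is an added example, not part of the original article; the function names, status words and --scan switch are made up for illustration, and it goes slightly beyond the article by treating release lines newer than 1.0.2 as fixed. It reads upstream version strings only, so a distribution package with a backported fix can show up as outdated.

```shell
#!/bin/sh
# Added example: classify `openssl version` output against the 1.0.2g
# release named in this article. All names here are illustrative.

# drown_status "<output of openssl version>"
# prints: ok | outdated | older-branch | unparsed
drown_status() {
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    ver=${ver%%-*}    # drop build suffixes such as -fips
    nums=$(printf '%s' "$ver" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)[a-z]*$/\1/p')
    if [ -z "$nums" ]; then echo unparsed; return 0; fi
    letters=${ver#"$nums"}    # patch letter(s): "g" in 1.0.2g, "" in 1.0.2
    save_ifs=$IFS; IFS=.; set -- $nums; IFS=$save_ifs
    key=$(( $1 * 10000 + $2 * 100 + $3 ))    # 1.0.2 -> 10002
    if [ "$key" -gt 10002 ]; then echo ok; return 0; fi
    if [ "$key" -lt 10002 ]; then echo older-branch; return 0; fi
    # Same 1.0.2 line: no letter or a..f predates g; two-letter
    # suffixes only appear after z, so they count as newer.
    case $letters in
        ''|a|b|c|d|e|f) echo outdated ;;
        *) echo ok ;;
    esac
}

# scan_openssl: report every openssl binary on PATH, plus the default
# install location of a 1.0.2 source build.
scan_openssl() {
    scan_ifs=$IFS; IFS=:
    for dir in $PATH:/usr/local/ssl/bin; do
        IFS=$scan_ifs
        bin=$dir/openssl
        if [ -x "$bin" ]; then
            out=$("$bin" version 2>/dev/null)
            printf '%s\t%s\t%s\n' "$bin" "$out" "$(drown_status "$out")"
        fi
    done
    IFS=$scan_ifs
    return 0
}

# Run the scan only when asked, e.g.: sh check_drown.sh --scan
case "${1:-}" in --scan) scan_openssl ;; esac
```

Any line reported as outdated or older-branch means that binary is not at 1.0.2g; services such as a web server must also be restarted before they pick up a newly installed library.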

Wim Bervoets

Wim Bervoets is a veteran in the world of websites.

I started my first website Wim's BIOS (https://www.wimsbios.com) back in 1996 as a hobby. Wim’s BIOS is still the internet's premier source for finding BIOS Updates.
More than 15 years later this technology site keeps going strong with thousands of visitors every day.

My book "Fast, Scalable and Secure Webhosting" will show you how to set up your server using Linux, Nginx, MariaDB, PHP-FPM, Java, IPv6, HTTPS, HTTP/2, WordPress and much more!