Hi Rainer, Yes, apache was running with the old library, i have moved this out, and copied new libssl library from new openssl installation folder. But it is not working and now i am unable to start apache.
Now what to do with this ? Regards, Lokesh Jangir On Mon, Apr 14, 2014 at 2:52 PM, Rainer M. Canavan < rainer.cana...@sevenval.com> wrote: > > On Apr 14, 2014, at 10:17 , LOKESH JANGIR <lk.jangi...@gmail.com> wrote: > > > Hi Team, > > > > I am using Ubuntu, Amazon ami with apache 2.0 and mod_ssl installed. I > found the same openssl vulnerability issue with my ssl certificate. I have > installed new openssl bugfixed version 1.0.1g and create csr and key file > from this. Also i have installed this on the server. I have restarted > apache service and server many times after installation. > > > > But still it is showing my website vulnerable. Can you please guide me > what am i missing now ? > > did you use "apachectl restart", or "apachectl stop" + "apachectl start"? > If you did > the former, the process may still be running with the old, deleted > library. Try > > sudo lsof -n | grep libssl | grep DEL > > to see if that is still the case. > > > > rainer______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org >
