Thanks Eric
And everyone involved in this
The COS6 packages will be promoted from testing to current very
Dave M


-----Original Message----- From: Eric Shubert
Sent: Thursday, April 10, 2014 8:08 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: heartbleed bug

Thanks for finding this, Dave.

I forgot that I created this script in the new COS6 version by taking the code out of the spec file. I didn't realize how soon that'd be useful. :)

If anyone's wondering, the script should work the same on COS5.

I just looked at the code, and noticed that it uses a 1024-bit key. I'll change that to 2048-bit. Everyone who is running the COS6 qmail package with the stock servercert.pem file should change their makecert.sh script before running it.

Thanks.

P.S. The COS6 packages will be promoted from testing to current very soon. :)

--
-Eric 'shubes'

On 04/10/2014 08:24 AM, Dave M wrote:
Did some searching,

would this be correct?
https://github.com/QMailToaster/qmail/blob/master/makecert.sh



-----Original Message----- From: Dave M
Sent: Thursday, April 10, 2014 8:18 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: heartbleed bug

Apologies, this is a CentOS 5.10 installation.

qtp-whatami
qtp-whatami v0.3.8 Thu Apr 10 08:18:25 MDT 2014
REAL_DIST=CentOS
DISTRO=CentOS
OSVER=5.10
QTARCH=i686
QTKERN=2.6.18-371.3.1.el5
BUILD_DIST=cnt50
BUILD_DIR=/usr/src/redhat


Dave M

-----Original Message----- From: Dave M
Sent: Thursday, April 10, 2014 8:15 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: heartbleed bug

Hi Eric

What is the correct path as the makecert fails
/var/qmail/bin/makecert.sh: No such file or director

Dave M

-----Original Message----- From: Eric Shubert
Sent: Wednesday, April 09, 2014 1:01 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: heartbleed bug

I'd like to add a few details here.

If you use the stock self-signed cert, you should still probably
regenerate this by doing:
# service qmail stop
# mv /var/qmail/control/servercert.pem \
      /var/qmail/control/servercert.pem.compromised
# /var/qmail/bin/makecert.sh
# service qmail start

If you use your own cert/key, then you should know what you need to do
for that, which is beyond the scope of this email.

The dh keys used in the TLS key negotiation process should be generated
automatically every day by cron, which runs the /var/qmail/bin/dh_key
script. You might want to verify the dates of these files:
# ls -l /var/qmail/control/dh*
If these weren't modified today, check your crontab.

Thanks for clarifying this, Steve.





---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
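
The checks discussed in this thread (certificate key size after regeneration, and DH parameter files refreshed by cron within the last day), as an added example that is not part of the original messages or the QMailToaster project's own code. The function names, the `CONTROL_DIR` and `MIN_BITS` variables and the `--check` argument are assumptions made for illustration; the paths and the 2048-bit target come from the thread.

```shell
#!/bin/sh
# Added example: verify the files named in the thread after regenerating them.
CONTROL_DIR=${CONTROL_DIR:-/var/qmail/control}   # path from the thread
MIN_BITS=${MIN_BITS:-2048}                       # key size the thread moves to

# Read `openssl x509 -noout -text` output on stdin and print the key size.
# Handles "RSA Public Key: (1024 bit)" (OpenSSL 0.9.8) and
# "Public-Key: (2048 bit)" (OpenSSL 1.0 and later).
key_bits_from_text() {
    sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print the public key size of the certificate in file $1.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text | key_bits_from_text
}

# Succeed only if $1 is a number of bits that meets MIN_BITS.
key_size_ok() {
    [ -n "$1" ] && [ "$1" -ge "$MIN_BITS" ]
}

# List dh* files in directory $1 that were last modified 24 or more hours ago.
stale_dh_files() {
    find "$1" -maxdepth 1 -type f -name 'dh*' -mtime +0 | sort
}

# Run all checks against CONTROL_DIR; returns non-zero if anything needs attention.
check_qmail_tls() {
    rc=0
    bits=$(cert_key_bits "$CONTROL_DIR/servercert.pem")
    if key_size_ok "$bits"; then
        echo "OK: servercert.pem key is $bits bits"
    else
        echo "WARN: servercert.pem key is ${bits:-unknown} bits (< $MIN_BITS)"; rc=1
    fi
    # notBefore shows whether the certificate was created after the regeneration
    openssl x509 -in "$CONTROL_DIR/servercert.pem" -noout -startdate
    stale=$(stale_dh_files "$CONTROL_DIR")
    if [ -n "$stale" ]; then
        echo "WARN: DH files not refreshed in the last day, check crontab:"
        echo "$stale"; rc=1
    fi
    return $rc
}

if [ "${1:-}" = "--check" ]; then check_qmail_tls; fi
```
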