Just a reminder, that COS5 hosts aren't susceptible to this bug. It was
introduced in a version of openssl which is later than what COS5 uses.
Are you now glad that you haven't yet upgraded? ;)
--
-Eric 'shubes'
On 04/10/2014 08:18 AM, Dave M wrote:
Appologies, this is Centos 5.10 installation.
qtp-whatami
qtp-whatami v0.3.8 Thu Apr 10 08:18:25 MDT 2014
REAL_DIST=CentOS
DISTRO=CentOS
OSVER=5.10
QTARCH=i686
QTKERN=2.6.18-371.3.1.el5
BUILD_DIST=cnt50
BUILD_DIR=/usr/src/redhat
Dave M
-----Original Message----- From: Dave M
Sent: Thursday, April 10, 2014 8:15 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: heartbleed bug
Hi Eric
What is the correct path as the makecert fails
/var/qmail/bin/makecert.sh: No such file or director
Dave M
-----Original Message----- From: Eric Shubert
Sent: Wednesday, April 09, 2014 1:01 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: heartbleed bug
I'd like to add a few details here.
If you use the stock self-signed cert, you should still probably
regenerate this by doing:
# service qmail stop
# mv /var/qmail/control/servercert.pem \
/var/qmail/control/servercert.pem.compromised
# /var/qmail/bin/makecert.sh
# service qmail start
If you use your own cert/key, then you should know what you need to do
for that, which is beyond the scope of this email.
The dh keys used in the TLS key negotiation process should be generated
automatically every day by cron, which runs the /var/qmail/bin/dh_key
script. You might want to verify the dates of these files:
# ls -l /var/qmail/control/dh*
If these weren't modified today, check your crontab.
Thanks for clarifying this, Steve.
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
