emerge apache without ssl heartbeat [solved]

Post by stmiller » Tue Apr 08, 2014 12:34 am

In light of this vuln, http://seclists.org/oss-sec/2014/q2/27 (CVE-2014-0160) I am curious if it is possible to emerge apache without the mod_ssl heartbeat feature.

Is that possible?

I can see that some TLS servers of various vendors have heartbeating disabled and I am curious if I can do the same with Gentoo. Ex:

    $ openssl s_client -connect www.qualys.com:443 -tlsextdebug

    [skip]

        PSK identity hint: None
        SRP username: None
        Start Time: 1396916504
        Timeout   : 300 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
    ---
    B
    HEARTBEATING
    140408723089064:error:1413B16D:SSL routines:SSL_F_TLS1_HEARTBEAT:peer does not accept heartbearts:t1_lib.c:2566:

Last edited by stmiller on Tue Apr 08, 2014 3:22 pm, edited 1 time in total.
Post by stmiller » Tue Apr 08, 2014 1:18 am

Welp, answering my own question.

Emerging openssl with use flag of -tls-heartbeat does the trick. Thanks,
Post by lagalopex » Tue Apr 08, 2014 7:58 am

Alternative (and offtopic) to fix openssl but keep heartbeat enabled:
Update to dev-libs/openssl-1.0.1g (is already in portage)
Post by SamuliSuominen » Tue Apr 08, 2014 8:15 am

1.0.1g is now stable on both, amd64 and x86, so time to `emerge --sync` and upgrade
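
Added example (not written by any poster in this thread): shell functions that combine the two checks discussed above, the `-tlsextdebug` probe and the installed OpenSSL version, into one verdict. The function names, verdict strings and sample `s_client` lines are constructed for illustration; the extension line is the format a 1.0.1-era `s_client` prints, and the probing client must itself be built with heartbeat support, otherwise the server has no extension to echo back.

```shell
#!/bin/sh
# Added example; names, verdict strings and sample data are constructed.

# Pull the version field out of an `openssl version` banner,
# e.g. "OpenSSL 1.0.1f 6 Jan 2014" -> "1.0.1f".
banner_version() {
    set -- $1
    echo "$2"
}

# 0 if the release ships the CVE-2014-0160 heartbeat bug (1.0.1 through
# 1.0.1f, plus 1.0.2-beta1, per the OpenSSL advisory), 1 otherwise.
version_affected() {
    case "$1" in
        1.0.1|1.0.1[a-f]|1.0.2-beta1) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify `openssl s_client -connect HOST:443 -tlsextdebug` output on stdin.
heartbeat_status() {
    out=$(cat)
    case "$out" in
        *'TLS server extension "heartbeat" (id=15)'*) echo advertised ;;
        *'peer does not accept heartbe'*) echo refused ;;
        *) echo not-advertised ;;
    esac
}

# Combine both observations: $1 = version, $2 = heartbeat_status result.
#   exposed      - affected release and the peer negotiates heartbeat
#   mitigated    - affected release, heartbeat off (e.g. USE=-tls-heartbeat)
#   not-affected - release outside the affected range (e.g. 1.0.1g)
verdict() {
    if ! version_affected "$1"; then
        echo not-affected
    elif [ "$2" = advertised ]; then
        echo exposed
    else
        echo mitigated
    fi
}

# Constructed sample: what a heartbeat-enabled server adds to the output.
sample_exposed() {
    cat <<'EOF'
TLS server extension "renegotiation info" (id=65281), len=1
TLS server extension "heartbeat" (id=15), len=1
EOF
}

# Demo on the constructed data above; prints "exposed".
verdict "$(banner_version 'OpenSSL 1.0.1f 6 Jan 2014')" \
        "$(sample_exposed | heartbeat_status)"
```

For a live check against your own server, pipe `openssl s_client -connect HOST:443 -tlsextdebug </dev/null 2>&1` into `heartbeat_status` and pass the output of `openssl version` to `banner_version`.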