Home > Developer > Linux

Repair OpenSSL FREAK Vulnerability bug steps under Linux

Source: Internet
Author: User
Tags md5 openssl
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Repair method:

1: Upgrade the latest version of OpenSSL, restart the corresponding service. #比如OpenSSL的1.0.1 of users should upgrade to 1.0.2
2: Modify the SSL encryption algorithm: (Nginx conf:ssl_ciphers all:! Adh:! Export56:rc4+rsa:+high:+medium:+low:+sslv2:+exp;)
Nginx modified to Ssl_ciphers high:!anull:! md5:! export56:! EXP;
httpd modified to Sslciphersuite high:!anull:! md5:! export56:! BX7
3: Restart the corresponding service.

Vulnerability test:

[Root@localhost ~]# OpenSSL s_client-connect www.111cn.net:443-cipher EXPORT
CONNECTED (00000003)
Depth=3 C = IL, O = ### Ltd., OU = Secure Digital certificate signing, CN = ### Certification Authority
Verify Return:1
depth=2 C = cn, O = ### Limited, cn = CA \e6\b2\83\###\e8\af\81\e4\b9\a6
Verify Return:1
Depth=1 C = cn, O = ### CA Limited, CN = CA \e6\b2\83\e9\80###\81\e4\b9\a6
Verify Return:1
Depth=0 Description = \e5\85\8d\e8\b4\b####\af\81\e4\b9\a6 \e7\94\b3\e8\###\91\e5\9d\80\ef\bc\9ahttps://####.com, CN = mail.####.com
Verify Return:1
---
Certificate chain
0 s:/description=\xe5\x85\x8d\## #F \x81\xe4\xb9\xa6 \xe7\x94\xb3\xe8\xaf\xb7\xe7\xbd\x91\xe5\x9d\x80\xef\xbc\ X9ahttps://buy.wosign.com/cn=mail.####.com
I:/c=cn/o=wosign CA Limited/cn=ca \xe6\xb2\x83\####\x8d\xe8\xb4\xb9ssl\xe8\xaf\x81\xe4\xb9\xa6
1 s:/c=cn/o=wosign CA Limited/cn=ca \xe6\xb2\x83\xe9\###\x8d\xe8\xb4\xb9ssl\xe8\xaf\x81\xe4\xb9\xa6
I:/c=cn/o=wosign CA Limited/cn=ca \xe6\xb2\x83\xe9\###\xb9\xe8\xaf\x81\xe4\xb9\xa6
2 s:/c=cn/o=wosign CA Limited/cn=ca \xe6\xb2\x83\xe9\x80\###\xb9\xe8\xaf\x81\xe4\xb9\xa6
i:/c=il/o=startcom ltd./ou=secure Digital Certificate signing/cn=### Certification
3 s:/c=il/o=startcom ltd./ou=secure Digital Certificate signing/cn=### certification Authority
i:/c=il/o=startcom ltd./ou=secure Digital Certificate signing/cn=### Certification
---
Server Certificate
-----BEGIN Certificate-----
###################### #FMm1PJLA9iewtlE9XETANBgkqhkiG9w0BAQUFADBM
Mqswcqydvqqgewjdtjeambgga1uechmrv29tawduienbiexpbwl0zwqxitafbgnv
bammgenbioayg+mamuwfjei0uvnttoivges5pjaefw0xndeymjuwmzi5mdlafw0x
Nteymjuwmzi5mdlamfkxpja8bgnvba0mnewfjei0uvnttoivges5pidnllpor7fn
vzhlnydvvj################################### #YDVQQDDA5tYWlsLmp1
yxn5lmnvbtccasiwdqyjkozihvcnaqebbqadggepadccaqocggebapjfjk6thr7n
C5lgnyyfesg+jmrm+hihckvl8xctouc9xfqhxptpblc+0nxgdwhphy5jslqe+mi8
K6vtb0xxp5t644p8j3/fellush1aqdaihmlwvcyha4xlnhdnii2pxqbajl7csvvu
24k0r1n5w1kmsgw354skraaa8qxy9frd8sl+8euml+51eyo+bzic0obcohfp7+i6
Fqwtzwxabxkt08kguear3gjfx1nt3hcdpksxttvxqh2xu5var77uf1j6oavxllco
Xlheteo7gyskm2iln8lvlrffncuoljjpl2cak7b0v6gk/cvnl22zhomppuqxgqnn
Pcgozuftdzccaweaaaocaauwggghmasga1uddwqeawidqdadbgnvhsuefjaubggr
Bgefbqcdagyikwybbquhawewcqydvr0tbaiwadadbgnvhq4efgqulfrekhxu6/pk
Vpb/e+kbvhzat90whwydvr0jbbgwfoau/couedflyoxunegqqq0okdwl9z4wewyi
Kwybbquhaqeebzbtmdmgccsgaqufbzabhidodhrwoi8vb2nzcdiud29zawdulmnu
####################################### #Kmh0dHA6Ly9haWEyLndvc2ln
Bi5jbi9jytiuc2vydmvyms5mcmvllmnlcja8bgnvhr8entazmdggl6athitodhrw
Oi8vy3jscziud29zawdulmnul2nhmi1zzxj2zxixlwzyzwuuy3jsmbkga1udeqqs
Mbccdm1hawwuanvhc3kuy29tmfiga1udiarlmekwcaygz4emaqibmd0gdisgaqqb
gptrawecbwecmcswkqyikwybbquhagewhwh0dha6ly93d3cud29zawdulmnvbs9w
################################## #Lhx97YtyFOlvC92qjVQWvZjZ7X8Ii
Uqbxgdkxvjt6s7aromq7tok35scdfvpgxylms2ehngxdl1gzjrqu4fydskngczql
fruvhm2jv17ydm+szy16mt8chh+fs3baoespwz0i71l7v+mgkvdmz1/stekfgs0e
######################################## #pswOZF0QVr/DOADK41OGLFG
Wac2v1kblk4jwmz5bd3yrpmthgjn04mzikilvzyolrjpp1ucuihewjsmv6wvw7fn
###############################################
-----End Certificate-----
subject=/description=\xe5\x85\x8d\xe8\xb4###### \xe7\x94\xb3\xe8\xaf\xb7\xe7\xbd\x91\xe5\x9d\x80\xef\xbc\ X9ahttps://buy.wosign.com/cn=mail.####.com
issuer=/c=cn/o=#### CA limited/cn=ca \xe6\xb2\x83\xe9\x80\x9a\x### #B4 \xb9ssl\xe8\xaf\x81\xe4\xb9\xa6
---
No client certificate CA names sent
---
SSL handshake has read 6799 bytes and written 199 bytes
---
New, Tlsv1/sslv3, Cipher is Exp-des-cbc-sha
Server public key is 2048 bit
Secure renegotiation is supported
Compression:none
Expansion:none
Ssl-session:
Protocol:tlsv1
Cipher:exp-des-cbc-sha
session-id:5343### #4FC455F26700B
Session-id-ctx:
master-key:2cca993f6######## #C6EE5A17FEA6F52D5BCA697C09A169ED59E0
Key-arg:none
Krb5 Principal:none
PSK Identity:none
PSK Identity Hint:none
Start time:1427162168
timeout:300 (SEC)
Verify return code:0 (OK)
---
Closed

after repair :

[Root@localhost ~]# OpenSSL s_client-connect www.111cn.net:443-cipher EXPORT
CONNECTED (00000003)
139642907903816:error:14077410:ssl routines:SSL23_GET_SERVER_HELLO:sslv3 Alert Handshake failure:s23_clnt.c:741:
---
No peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written bytes
---
New, (none), Cipher is (none)
Secure renegotiation is not supported
Compression:none
Expansion:none
---

Okay, did you find out that after the fix, we tested the bug and there was no bug.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
linux repair latest linux bug linux vulnerability scanner db2 installation on linux steps oracle asm configuration steps in linux linux create csr openssl openssl linux example
Related Article
Linux Kernel Coding Style
Linux error--->export ' = ' not a valid identifier for gen...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More