OpenSSL\u88ab\u7206\u51fa\u4e25\u91cd\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u5177\u4f53\u8bf7\u770bOpenSSL\u5b98\u7f514\u67087\u65e5\u53d1\u5e03\u7684\u516c\u544a\uff1ahttp:\/\/www.openssl.org\/news\/secadv_20140407.txt<\/p>\n
<\/p>\n
\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\uff1ahttp:\/\/filippo.io\/Heartbleed\/<\/p>\n
<\/p>\n
\u8be5\u6f0f\u6d1e\u53ef\u80fd\u66b4\u9732\u5bc6\u94a5\u548c\u79c1\u5bc6\u901a\u4fe1\uff0c\u5e94\u5c3d\u5feb\u4fee\u8865\uff01\uff01!<\/p>\n
<\/p>\n
\u5b58\u5728\u6b64\u6f0f\u6d1e\u7684\u7248\u672c\u60c5\u51b5\uff1a<\/p>\n
1. OpenSSL 1.0.1 \u548cOpenSSL 1.0.2-beta\u5b58\u5728\u6b64\u6f0f\u6d1e<\/p>\n
2. \u66f4\u8001\u7248\u672cOpenSSL(1.0.0\u548c0.9.8)\u4e0d\u53d7\u5f71\u54cd<\/p>\n
<\/p>\n
\u4fee\u8865\u65b9\u6cd5\uff1a<\/p>\n
1. \u5982\u679c\u4e3aOpenSSL 1.0.1\u7248\u672c\uff0c\u5e94\u5c3d\u5feb\u5347\u7ea7\u5230OpenSSL 1.0.1g(\u5df2\u4fee\u590d\u6f0f\u6d1e)<\/p>\n
2. \u65e0\u6cd5\u7acb\u5373\u5347\u7ea7\u7684\u7528\u6237\u53ef\u4ee5\u52a0-DOPENSSL_NO_HEARTBEATS\u53c2\u6570\u91cd\u65b0\u7f16\u8bd1OpenSSL<\/p>\n
3. \u5982\u679c\u4e3aOpenSSL 1.0.2-beta\u7248\u672c\uff0c\u5efa\u8bae\u6682\u65f6\u7528OpenSSL 1.0.1g\u66ff\u4ee3\uff0c\u7b49OpenSSL 1.0.2-beta2\u4fee\u590d\u7248\u672c\u53d1\u5e03\uff0c\u518d\u66f4\u65b0\u81f3OpenSSL 1.0.2-beta2<\/p>\n
<\/p>\n
\u5177\u4f53\u5b9e\u65bd\uff1a<\/p>\n
1. \u68c0\u67e5\u76f8\u5173\u670d\u52a1\u662f\u5426\u6709\u6b64\u6f0f\u6d1e\uff1ahttp:\/\/filippo.io\/Heartbleed\/<\/p>\n
<\/p>\n
2. \u67e5\u770b\u673a\u5668\u4e0aOpenSSL\u7248\u672c, \u786e\u8ba4\u4f9d\u8d56OpenSSL\u7684\u670d\u52a1<\/p>\n
openssl version -a<\/p>\n
<\/p>\n
3. \u5982\u679c\u4e3aOpenSSL 1.0.1[a-f] \u6216\u8005 OpenSSL 1.0.2-beta\u7248\u672c\uff0c\u5efa\u8bae\u4ece\u5b98\u7f51\u4e0b\u8f7dOpenSSL 1.0.1g<\/p>\n
wget http:\/\/www.openssl.org\/source\/openssl-1.0.1g.tar.gz<\/p>\n
tar -zxvf openssl-1.0.1g.tar.gz && cd openssl-1.0.1g\/<\/p>\n
.\/config<\/p>\n
make && make install<\/p>\n
echo “\/usr\/local\/ssl\/lib” >> \/etc\/ld.so.conf<\/p>\n
ldconfig -v<\/p>\n
openssl version -a \u9a8c\u8bc1\u7248\u672c\u6b63\u786e\u5347\u7ea7<\/p>\n
<\/p>\n
4. \u5982\u679c\u4e0d\u65b9\u4fbf\u7acb\u5373\u5347\u7ea7\uff0c\u5efa\u8bae\u91cd\u65b0\u4e0b\u8f7d\u6e90\u7801\u52a0-DOPENSSL_NO_HEARTBEATS\u53c2\u6570\u7f16\u8bd1\u5b89\u88c5\uff08OpenSSL 1.0.1e\u4e3a\u4f8b\uff09<\/p>\n
wget http:\/\/www.openssl.org\/source\/openssl-1.0.1e.tar.gz<\/p>\n
tar -zxvf openssl-1.0.1e.tar.gz && cd openssl-1.0.1e\/<\/p>\n
.\/config -DOPENSSL_NO_HEARTBEATS<\/p>\n
make && make install<\/p>\n
echo “\/usr\/local\/ssl\/lib” >> \/etc\/ld.so.conf<\/p>\n
ldconfig -v<\/p>\n
openssl version -a | grep DOPENSSL_NO_HEARTBEATS \/\/\u9a8c\u8bc1\u7248\u672c\u6b63\u786e\u5347\u7ea7<\/p>\n
<\/p>\n
5. \u786e\u8ba4\u4f9d\u8d56OpenSSL\u5e93\u7684\u670d\u52a1\uff0c\u4f8b\u5982nginx, apache\u7b49web\u670d\u52a1\uff0c\u5982\u679c\u662f\u9759\u6001\u7f16\u8bd1\u4e86openssl\u5e93\u7684\uff0c\u9700\u8981\u5728\u5347\u7ea7\u5b8cOpenSSL\u540e\u91cd\u65b0\u7f16\u8bd1\u670d\u52a1\u7a0b\u5e8f\uff0c\u4f7f\u7528\u52a8\u6001\u94fe\u63a5\u5e93\u7684\uff0c\u9700\u8981\u91cd\u542f\u4e00\u4e0b\u670d\u52a1\uff1a<\/p>\n
mv \/usr\/bin\/openssl{,.OFF}<\/p>\n
mv \/usr\/include\/openssl{,.OFF}<\/p>\n
ln -s \/usr\/local\/ssl\/bin\/openssl \/usr\/bin\/openssl<\/p>\n
ln -s \/usr\/local\/ssl\/include\/openssl \/usr\/include\/openssl<\/p>\n
echo “\/usr\/local\/ssl\/lib” >> \/etc\/ld.so.conf<\/p>\n
ldconfig -v<\/p>\n
openssl version -a \u9a8c\u8bc1\u7248\u672c\u6b63\u786e\u5347\u7ea7<\/p>\n
<\/p>\n
6. \u5982\u679c\u53d1\u73b0\u5347\u7ea7\u51fa\u73b0\u95ee\u9898\u53ef\u4ee5\u91c7\u7528\u4e00\u4e0b\u65b9\u6cd5\u8fdb\u884c\u56de\u6edaOpenSSL<\/p>\n
rm -rf \/usr\/bin\/openssl \/usr\/include\/openssl<\/p>\n
mv \/usr\/bin\/openssl{.OFF,}<\/p>\n
mv \/usr\/include\/openssl{.OFF,}<\/p>\n
sed s#\/usr\/local\/ssl\/lib##g \/etc\/ld.so.conf<\/p>\n
ldconfig -v<\/p>\n","protected":false},"excerpt":{"rendered":"
OpenSSL\u88ab\u7206\u51fa\u4e25\u91cd\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u5177\u4f53\u8bf7\u770bOpenSSL\u5b98\u7f514\u67087\u65e5\u53d1\u5e03\u7684\u516c\u544a\uff1ahttp:\/\/www.ope […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[29],"class_list":["post-993","post","type-post","status-publish","format-standard","hentry","category-website","tag-bug"],"_links":{"self":[{"href":"http:\/\/hesiwei.cn\/index.php?rest_route=\/wp\/v2\/posts\/993","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/hesiwei.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/hesiwei.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/hesiwei.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/hesiwei.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=993"}],"version-history":[{"count":0,"href":"http:\/\/hesiwei.cn\/index.php?rest_route=\/wp\/v2\/posts\/993\/revisions"}],"wp:attachment":[{"href":"http:\/\/hesiwei.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=993"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/hesiwei.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=993"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/hesiwei.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=993"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}