
New OpenSSL vulnerability, directly impacting Nginx

Discussion in 'Server Configuration and Hosting' started by Floren, May 7, 2014.

  1. Floren

    Floren Well-Known Member

    Last edited: May 7, 2014
    Dinosaur, MattW, Null and 1 other person like this.
  2. Brent W

    Brent W Well-Known Member

    OpenSSL has really taken a beating recently.
  3. Null

    Null Well-Known Member

    HWS likes this.
  4. Floren

    Floren Well-Known Member

    The big guns already formed a fund coalition for OpenSSL: Amazon, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, Qualcomm and VMware. Each company will donate $100,000/year for 3 years. Apple decided it is not important to participate... :rolleyes::rolleyes::rolleyes: I can't stand this company.
  5. Brent W

    Brent W Well-Known Member

    Maybe they figured 1.3 million a year is enough?
  6. Brent W

    Brent W Well-Known Member

    For CentminMod users:

    Step 1. Run the command to patch the OpenSSL 1.0.1g source for Nginx usage:
    curl -sL https://gist.github.com/centminmod/7e0a38b394d5d2f8fc7a/raw/releasebuffer.sh | bash
    Step 2. Set OPENSSL_VERSION='1.0.1g' in centmin.sh.
    Step 3. Run centmin.sh menu option #4 to recompile Nginx. When prompted whether you want to recompile OpenSSL, select YES.
    TheComputerGuy and MattW like this.
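Step 1 above pipes a remote script straight into bash, and `curl -sL` without `-f` will also hand an HTTP error body to the shell. The following is an added example, not part of the original post or of CentminMod: it downloads the same URL to a file, checks it against a hash pinned after review, and only then runs it. The function names and the `EXPECTED_SHA256` placeholder are assumptions, and `sha256sum` (GNU coreutils) is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: fetch, verify against a pinned hash, then run,
# as a replacement for `curl -sL URL | bash`.
SCRIPT_URL='https://gist.github.com/centminmod/7e0a38b394d5d2f8fc7a/raw/releasebuffer.sh'
# Placeholder: set to the SHA-256 of the copy you downloaded and read.
EXPECTED_SHA256='REPLACE_WITH_SHA256_OF_REVIEWED_COPY'

# Print the SHA-256 of a file as lowercase hex.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# Succeed only if the file is non-empty, does not look like an HTML
# page served in place of the script, and matches the pinned hash.
verify_script() {
    local file="$1" expected="$2" first=""
    [ -s "$file" ] || { echo "empty download" >&2; return 1; }
    IFS= read -r first < "$file" || true
    case "$first" in
        '<'*) echo "looks like HTML, not a script" >&2; return 1 ;;
    esac
    [ "$(file_sha256 "$file")" = "$expected" ] || {
        echo "hash mismatch, refusing to run" >&2; return 1; }
}

# Download to a temp file, verify it, then execute the verified copy.
fetch_verify_run() {
    local url="$1" expected="$2" tmp rc=0
    tmp=$(mktemp) || return 1
    # -f: fail on HTTP errors instead of saving the error body
    # --proto '=https': refuse a non-HTTPS starting URL
    if curl -fsSL --proto '=https' -o "$tmp" "$url" \
        && verify_script "$tmp" "$expected"; then
        bash "$tmp" || rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage, once the hash is pinned:
#   fetch_verify_run "$SCRIPT_URL" "$EXPECTED_SHA256"
```

Because the hash is pinned, a later change to the gist makes the run fail until the new copy has been reviewed and the pin updated.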
  7. Null

    Null Well-Known Member

    I think Apple deprecated the use of OpenSSL a few years back (at least, that's the impression I got from WWDC).
  8. MattW

    MattW Well-Known Member

    Just patched 4 servers :)
  9. RoldanLT

    RoldanLT Well-Known Member

  10. Floren

    Floren Well-Known Member

    With the revenue they have, I think they can afford a donation of $300,000 which is BTW tax deductible. :rolleyes:(n)
    After they entirely ripped FreeBSD to make their MacOS and bribed the developers with a few pennies to keep their mouths shut, they could at least support Open Source...
  11. euantor

    euantor Well-Known Member

    Not all of that is going to OpenSSL though. It's a collective fund to help struggling Open Source projects IIRC.
  12. Moshe1010

    Moshe1010 Well-Known Member

    There are better causes to support than crappy OpenSSL. Why would they support something they don't use? Because they have money? So? The above companies are using it, so they have an interest to support it.
  13. Amaury

    Amaury Well-Known Member

    @Nights: Check and see if our server's affected by this.
  14. Dinosaur

    Dinosaur Member
