This week, a major bug in OpenSSL, called Heartbleed, was announced, which basically renders any SSL protection useless.
You can test whether your site is vulnerable by running this test by Qualys.
As you can see, we have failed the test and it highlights the fact that we have the vulnerability.
How to patch it
(optional, but the other commands will have to be preceded with sudo if you do not).
openssl version -b
You will get something like *built on: Wed Jan 8 20:45:51 UTC 2014*. If the date is earlier than April 7th, then you have the bug.
apt-get upgrade openssl
Press Y to continue.
Note: you may need to run apt-get update first to get the latest packages.
And that is it. Vulnerability fixed. Run openssl version -b again and check that the build date is at least Apr 7.
The test also shows the vulnerability is fixed!
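The build-date check above can be scripted so it runs the same way on every host. This is an added example, not part of the original post: the function names and the 20140407 cutoff constant are assumptions derived from the April 7 rule in the text, and the sample lines in the comments are constructed.

```shell
#!/bin/sh
# Added example: apply the article's rule (build date before April 7
# means unpatched) to the output of `openssl version -b`.

CUTOFF=20140407   # assumption: April 7 from the article, in the year of the sample output

# Turn "built on: Wed Jan  8 20:45:51 UTC 2014" into 20140108.
# Also accepts the year and time zone in swapped order.
# Prints nothing when no date can be parsed.
build_date_num() {
    printf '%s\n' "$1" | awk '
        /built on:/ {
            split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i
            for (i = 3; i <= NF; i++) {
                if ($i in mon) { mo = mon[$i]; day = $(i + 1) }
                if ($i ~ /^[0-9][0-9][0-9][0-9]$/) year = $i
            }
            if (year && mo && day) printf "%04d%02d%02d\n", year, mo, day
        }'
}

# Print one of: vulnerable, patched, unknown.
check_build() {
    num=$(build_date_num "$1")
    if [ -z "$num" ]; then
        echo "unknown"        # no parseable date: check the package version by hand
    elif [ "$num" -lt "$CUTOFF" ]; then
        echo "vulnerable"     # built before April 7
    else
        echo "patched"        # built on or after April 7
    fi
}

# Check the local binary; a missing openssl is reported as "unknown".
check_build "$(openssl version -b 2>/dev/null || true)"
```
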
Thanks to my colleague, Sheraz, for help finding a solution to the problem!