Question

SSL vulnerability

Posted April 8, 2014 1.9k views
http://thenextweb.com/insider/2014/04/08/openssl-critical-security-vulnerability-need-patch-right-now/ If a new droplet is created, will the patch be included as part of the install or do we need to update openssl?
Add a comment
lynhines
By:
lynhines

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
asb April 8, 2014
We're in the process of recreating our images. In most cases, upgrading will pull in the fix. For a more detailed run down of the situation, see this article:

https://www.digitalocean.com/community/articles/how-to-protect-your-server-against-the-heartbleed-openssl-vulnerability
How to Protect Your Server Against the Heartbleed OpenSSL Vulnerability
by Justin Ellingwood
The Heartbleed OpenSSL vulnerability is one of the most massive security bugs to hit the internet in years. It basically renders any communication that was supposed to have been protected by SSL open to anyone exploiting this vulnerability. In this guide, we'll tell you how to update your servers and rekey your certificates.
Reply Report
matt.lintz April 9, 2014
After setting up a new droplet you should check for updates as an automatic part of setting up.

- just updated / went through cert re issue on mine
Reply Report

Looking for something else?

Ask a new question Search for more help