You may be reading this after reading my guide here https://fearby.com/article/adding-a-commercial-ssl-certificate-to-a-digital-ocean-vm
Having strong SSL and security is a constant battle. Recently a bug, the OpenSSL Padding Oracle vulnerability (CVE-2016-2107), was found in OpenSSL. More information here.
Hopefully you do not see this:
How to Fix (1/2) – Update Misc.
sudo apt-get update
sudo apt-get dist-upgrade
How to Fix (2/2) – Manual Update OpenSSL
Head on over to ftp://ftp.openssl.org/source/ and check the filename of the latest update.
Run the following commands in a terminal.
wget ftp://ftp.openssl.org/source/openssl-1.0.2h.tar.gz
tar -xvzf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h && ./config && make
sudo make install
You can verify you are running the latest OpenSSL by typing:
root@yourdomain:~/temp/openssl-1.0.2h# openssl version
OpenSSL 1.0.2h 3 May 2016
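An added example, not part of the original article: a small shell function that classifies an `openssl version` line against the upstream releases that fixed CVE-2016-2107 (1.0.1t and 1.0.2h). The function names are hypothetical and the sample lines are constructed; the letter check only holds for upstream source builds like the one above, because distro packages can backport the fix without changing the version letter.

```shell
#!/bin/sh
# Added example: classify `openssl version` output for CVE-2016-2107.
# Upstream fixed the bug in 1.0.1t and 1.0.2h. Distro packages may backport
# the fix and keep an older letter, so "affected" on a packaged build means
# "check the package changelog", not proof of exposure.

# cve_2016_2107_status "<openssl version line>"  ->  fixed | affected | unknown
# (hypothetical helper name; body runs in a subshell so LC_ALL stays local)
cve_2016_2107_status() (
    LC_ALL=C; export LC_ALL          # make [a-s] style ranges plain ASCII
    # Second field is the version, e.g. 1.0.2h or 1.0.1e-fips
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    ver=${ver%-fips}                 # drop the FIPS build tag if present
    case "$ver" in
        1.0.1|1.0.1[a-s])        echo affected ;;  # before 1.0.1t
        1.0.1[t-z])              echo fixed ;;     # 1.0.1t or later
        1.0.2|1.0.2[a-g])        echo affected ;;  # before 1.0.2h
        1.0.2[h-z]|1.0.2z[a-z])  echo fixed ;;     # 1.0.2h or later
        *)                       echo unknown ;;   # betas, other branches, garbage
    esac
)

# Status of whatever `openssl` is first on PATH (empty output -> unknown)
check_local_openssl() {
    cve_2016_2107_status "$(openssl version 2>/dev/null || true)"
}

# Constructed sample lines, then the local binary
for line in "OpenSSL 1.0.2h  3 May 2016" "OpenSSL 1.0.1g 7 Apr 2014" \
            "OpenSSL 1.0.1e-fips 11 Feb 2013"; do
    printf '%-34s %s\n' "$line" "$(cve_2016_2107_status "$line")"
done
printf '%-34s %s\n' "local openssl" "$(check_local_openssl)"
```

This checks the `openssl` binary on PATH, which may not be the library your web server is linked against, so the external retest is still the authoritative check.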
You may also need to restart your web server:
sudo service nginx restart
Review more security advice here: https://wiki.ubuntu.com/Security/Upgrades
Retest your website with https://filippo.io/CVE-2016-2107/.
Cheap may not be good (hosting or DIY). Check your website often on https://www.shodan.io to see if it has open software or is known to hackers.
I hope this helps.