You may be reading this after reading my guide here https://fearby.com/article/adding-a-commercial-ssl-certificate-to-a-digital-ocean-vm
Having strong SSL and security is a constant battle. Recently a bug OpenSSL Padding Oracle vulnerability (CVE-2016-2107) in OpenSSL. More information here.
Hopefully you do not see this:
How to Fix (1/2) – Update Misc.
sudo apt-get update sudo apt-get dist-upgrade
How to Fix (2/2) – Manual Update OpenSSL
Head on over to ftp://ftp.openssl.org/source/ and check the filename of the latest update.
Run the following commands in a terminal.
wget ftp://ftp.openssl.org/source/openssl-1.0.2h.tar.gz tar -xvzf openssl-1.0.1g.tar.gz cd openssl-1.0.1g ./config --prefix=/usr/ make sudo make install
You can verify you are running the latest OpenSSL by typing:
[email protected]:~/temp/openssl-1.0.2h# openssl version OpenSSL 1.0.2h 3 May 2016
You may also need to restart your web server:
sudo service nginx restart
Review more security advice here: https://wiki.ubuntu.com/Security/Upgrades
Re test your website with https://filippo.io/CVE-2016-2107/.
Cheap may not be good (hosting or DIY), do check your website often in https://www.shodan.io and see if it has open software or is known to hackers.
I hope this helps.
Donate and make this blog better
Ask a question or recommend an article