Install Passenger/Nginx with Heartbleed Mitigation
The following steps may be taken to mitigate the OpenSSL vulnerability.
Compile the heartbleeder vulnerability tester
Locally:
$ brew install go # Mac only $ mkdir -p ~/Code/go $ export GOPATH=$HOME/Code/go $ cd $GOPATH $ go get github.com/titanous/heartbleeder $ go build heartbleeder $ bin/heartbleeder example.com
Update Passenger/Nginx
On your servers:
$ gem update passenger $ export EXTRA_CXXFLAGS="-DOPENSSL_NO_HEARTBEATS" $ export EXTRA_CFLAGS="-DOPENSSL_NO_HEARTBEATS" $ passenger-install-nginx-module # Update your nginx.conf with the new Passenger path # Restart your nginx processes
Check your https web servers
$ bin/heartbleeder example.com
Author: Patrick Morgan (patrick -at- patrick-morgan.net)
License: Creative Commons. Distribute Freely!
