Problem updating openssl with debian 6 against heartbleed-bug

As usual, Debian is too slow releasing updates, let alone backports to older OS versions, like debian 6 (squeeze) or older. So with them old OS-es you're stuck with old openssl crap through apt-get update, and standard install from source will *not* update a previous apt-get installed openssl! Still want to update to 1.0.1g or later? Here's how it *does* work: Check the link for the version that says [LATEST] over here. Currently that means you need to do # wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz # tar xfz openssl-*.tar.gz # cd openssl-* # ./config --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared enable-ec_nistp_64_gcc_128 It then asks you to do make depend, which you should, and you follow with the usual: # make depend # make # make install and then you can check the version that's running on your server with openssl version and if it says: OpenSSL 1.0.1g 7 Apr 2014 you're safe and sound in Snowden-land. This also works for Ubuntu 8 (hardy) by the way. Be sure to reboot your server after that, renew your server certificates, ask (or better yet FORCE) your users to change their passwords. Of course, you've now gone to source for this package. And trying apt-get remove openssl will…

Continue ReadingProblem updating openssl with debian 6 against heartbleed-bug