The most common way to fix the heartbleed bug in OpenSSL is to use your server’s package management system to update to the latest version of the software. On Linux systems, this typically involves logging in to the command line interface via SSH. There is, however, a way to use hosting automation. Webmin has built-in support for package management, and you can use it to update OpenSSL.
To check your OpenSSL version, do the following:
- Login to Webmin
- Go to System -> Software Packages
- In the “Search for Package” box, type: openssl and press Enter.
You should see a line that looks like:
If you have version 1.0.1 or 1.0.2beta, you will need to update it. If your Linux distribution is current, simply updating your packages to the latest versions should fix the problem. To update all of your packages:
- Return to System -> Software Packages
- In the last section, “Upgrade All Packages” choose “Resynchornize package list”, “Normal upgrade” and “Only show which packages would be upgraded”
- Click “Upgrade Now”.
Upon completing the upgrade process, it is important make sure you now have a safe version of OpenSSL, such as 1.0.1g. Your distribution may also simply patch the current version. If you do not get a new or patched version, you might have to patch OpenSSL manually. Security experts also recommend that you reissue all SSL key pairs and revoke any keys previously created. You can find more information at heartbleed.com.