rpm -e openssl-devel # remove old version package
wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz
tar zxf openssl-1.0.1g.tar.gz
cd openssl
./config
make
make test
make install
cd /your/httpd/dir
export LDFLAGS=-ldl
./configure --enable-ssl --with-ssl=/usr/local/ssl
make
make install
/usr/local/apache/bin/httpd -k restart # restart apache
curl -I localhost # using curl to check if OpenSSL updated, you'll see something like this
HTTP/1.1 200 OK
Date: Mon, 14 Apr 2014 07:09:20 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1g PHP/5.4.28
Content-Type: text/html; charset=iso-8859-1
ref. The Heartbleed Bug
Leave a comment