Forum OpenACS Q&A: Re: https is down

Collapse
10: Re: https is down (response to 1)
Posted by Janine Ohmer on
Bruno, I think it is OpenSSH you need to ask them about.  There was a root exploit in it earlier in the week, so if they *haven't* updated that then you have some other questions to ask.  I have gathered from reading the threads on this that it is upgrading OpenSSH that is breaking OpenSSL, or at least that's how it sounds to me.
Collapse
11: Re: https is down (response to 10)
Posted by Andrew Piskorski on
Janine, I believe that OpenSSH uses the OpenSSL libraries, but not vice-versa. I am not at all certain, but the Debian package dependencies in the links above appear to show this.

So perhaps it's that some folks are upgrading OpenSSL at the same time they upgraded OpenSSH, and then breaking OpenSSL thread-safety due to silly header file and build changes in OpenSSL?

Collapse
14: Re: https is down (response to 11)
Posted by Bruno Mattarollo on

Strange ... the OpenSSL version that we are running was released: https://rhn.redhat.com/errata/RHSA-2003-101.html so April or something and we started to see problems only 4 weeks ago ... but that is strangely familiar to the time when OpenSSH was upgraded ... I will investigate further ... Have to run now, so more tomorrow (hopefully).