
Apache2 and HeartBleed SSL issue


I am using an apache2 server running on Ubuntu Server 12.04 LTS. In my apache2 conf file there is a host that looks like this.

IfModule mod_ssl.c>

VirtualHost *:443>

 //Every configuration for the virtual host working fine.

/VirtualHost>

/IfModule>

I avoid using the "minor" sign since SO does not display the line containing it.

I cannot read "OpenSSL" anywhere. So my intuition says that I am not using it at all. So I should not worry about the Heartbleed OpenSSL bug.

Am I right?

Thanks in advance.


Solution

  • From the command prompt do: openssl version

    OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
    OpenSSL 1.0.1g is NOT vulnerable
    OpenSSL 1.0.0 branch is NOT vulnerable
    OpenSSL 0.9.8 branch is NOT vulnerable
    

    Your config is using mod_ssl. Mod SSL is OpenSSL built for Apache.

    If your server is public-facing you can try something like this tool: http://filippo.io/Heartbleed/
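
The version list in the answer above can be applied mechanically to the output of `openssl version`. The script below is an added example, not part of the original answer; the function name `heartbleed_status`, the handling of a `-fips` suffix, the treatment of letters after `g`, and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage an `openssl version` line against the answer's list.
LC_ALL=C; export LC_ALL   # keep [a-f] style ranges strictly ASCII

# Prints: vulnerable | not-vulnerable | unlisted
heartbleed_status() {
    # Split e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013" into name and version.
    name=${1%% *}
    rest=${1#* }
    ver=${rest%% *}
    ver=${ver%-fips}      # some vendor builds append -fips to the version

    # Other TLS libraries or unparseable lines are outside the list.
    [ "$name" = "OpenSSL" ] || { echo unlisted; return 0; }

    case "$ver" in
        1.0.1|1.0.1[a-f]) echo vulnerable ;;      # 1.0.1 through 1.0.1f
        1.0.1[g-z])       echo not-vulnerable ;;  # 1.0.1g and later letters
        1.0.0|1.0.0[a-z]) echo not-vulnerable ;;  # 1.0.0 branch
        0.9.8|0.9.8[a-z]|0.9.8[a-z][a-z])
                          echo not-vulnerable ;;  # 0.9.8 branch
        *)                echo unlisted ;;        # not covered by the list
    esac
}

# Constructed sample lines in the format `openssl version` prints.
while IFS= read -r line; do
    printf '%-36s %s\n' "$line" "$(heartbleed_status "$line")"
done <<'EOF'
OpenSSL 1.0.1 14 Mar 2012
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL 1.0.1g 7 Apr 2014
OpenSSL 0.9.8y 5 Feb 2013
EOF

# Classify the locally installed binary when one is present.
if command -v openssl >/dev/null 2>&1; then
    local_line=$(openssl version 2>/dev/null || true)
    printf 'local: %s -> %s\n' "$local_line" "$(heartbleed_status "$local_line")"
fi
```

A `vulnerable` result from a distribution package is a prompt to check the package changelog, since distributions commonly backport security fixes without changing the upstream version string.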