+ Post New Thread
Results 1 to 14 of 14
Virtual Learning Platforms Thread, Moodle OpenSSL 7 Heartbleed in Technical; Has anyone updated their open SSL on Moodle due to the Heartbleed issue - BBC News - Scramble to fix ...
  1. #1

    Join Date
    May 2008
    Location
    Stockport
    Posts
    51
    Thank Post
    23
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Moodle OpenSSL 7 Heartbleed

    Has anyone updated their open SSL on Moodle due to the Heartbleed issue - BBC News - Scramble to fix huge 'heartbleed' security bug

    I am on OpenSSL V 0.9.8x

    Does anyone know what I need to do to upgrade it to the latest version or am I worrying about nothing?

  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,807
    Thank Post
    517
    Thanked 2,469 Times in 1,913 Posts
    Blog Entries
    24
    Rep Power
    835
    Heartbleed Bug says that the 0.9.8 branch isn't vulnerable.

  3. Thanks to localzuk from:

    Wirral_Wonderer (9th April 2014)

  4. #3

    Join Date
    May 2008
    Location
    Stockport
    Posts
    51
    Thank Post
    23
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I searched high and low for it as well!

    Thanks anyway!

  5. #4

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    6,037
    Thank Post
    589
    Thanked 1,031 Times in 791 Posts
    Blog Entries
    15
    Rep Power
    467
    Another site says that it is. I would suggest taking the opportunity to update regardless.

  6. #5

    Join Date
    May 2008
    Location
    Stockport
    Posts
    51
    Thank Post
    23
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Ah, any ideas how?

  7. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,807
    Thank Post
    517
    Thanked 2,469 Times in 1,913 Posts
    Blog Entries
    24
    Rep Power
    835
    That depends on the OS you're running.

  8. #7

    Join Date
    May 2008
    Location
    Stockport
    Posts
    51
    Thank Post
    23
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    It would help if I gave you that info!

    Windows 2008 using iis

    Thanks

  9. #8

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,807
    Thank Post
    517
    Thanked 2,469 Times in 1,913 Posts
    Blog Entries
    24
    Rep Power
    835
    Wait, how/why are you using OpenSSL with IIS and not SChannel? Are you running a load balancer or reverse proxy in front of it?

  10. #9

    Join Date
    May 2008
    Location
    Stockport
    Posts
    51
    Thank Post
    23
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Er?! Just what I got from php info. To be honest someone else set it up for us.

    Maybe it's not an issue?

  11. #10

    Join Date
    May 2008
    Location
    Stockport
    Posts
    51
    Thank Post
    23
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    The LA is providing us with a reverse proxy as well

    What should we be using?

  12. #11

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    505
    Thank Post
    122
    Thanked 17 Times in 17 Posts
    Rep Power
    10
    We have just installed moodle 2.6 on a windows server and this also says it is running one of the affected versions. Does anyone know how to upgrade OpenSSL on windows?

  13. #12

    unixman_again's Avatar
    Join Date
    Nov 2011
    Posts
    751
    Thank Post
    30
    Thanked 149 Times in 113 Posts
    Rep Power
    136
    I fixed ours by replacing php_openssl.dll using the info at PHP For Windows:

  14. Thanks to unixman_again from:

    tj2419 (10th April 2014)

  15. #13

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    505
    Thank Post
    122
    Thanked 17 Times in 17 Posts
    Rep Power
    10
    Quote Originally Posted by unixman_again View Post
    I fixed ours by replacing php_openssl.dll using the info at PHP For Windows:
    Hi Thanks for the link. I may be being a bit slow to catch up but is there supposed to be a file called php_openssl.dll in the download on that link? As i can't find one just have the three folders bin, lib, include and a openssl.cnf file.

    Do i need to copy all these over? As i also can't seem to find a lib directory to replace on my moodle server.

    Can you tell i don't play around with php much :P

  16. #14

    unixman_again's Avatar
    Join Date
    Nov 2011
    Posts
    751
    Thank Post
    30
    Thanked 149 Times in 113 Posts
    Rep Power
    136
    Depends on your server. If you are running Apache :
    • download php-5.4.16-Win32-VC9-x86.zip
    • move your PHP out of the way
    • extract the download to where PHP lives
    • copy your php.ini over
    • download httpd-2.4.9-win32-VC9.zip from https://www.apachelounge.com/download/additional/
    • move Apache out of the way
    • extract the apache download to where apache lives
    • copy the apache conf over
    • check apache runs using cmd
    • if OK, restart apache

    If you are running IIS, I guess the same applies but ignore the apache stuff.

    Why upgrade Apache & PHP? Apache is built with OpenSSL and you need to have both patched.

SHARE:
+ Post New Thread

Similar Threads

  1. Do you Moodle?
    By RobC in forum Web Development
    Replies: 45
    Last Post: 15th January 2006, 06:17 PM
  2. Moodle and remote access.
    By eejit in forum Windows
    Replies: 4
    Last Post: 5th January 2006, 10:59 AM
  3. Moodle
    By StewartKnight in forum Educational Software
    Replies: 15
    Last Post: 19th July 2005, 06:10 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •