+ Post New Thread
Results 1 to 14 of 14
Virtual Learning Platforms Thread, Moodle OpenSSL 7 Heartbleed in Technical; Has anyone updated their open SSL on Moodle due to the Heartbleed issue - BBC News - Scramble to fix ...
  1. #1

    Join Date
    May 2008
    Location
    Stockport
    Posts
    53
    Thank Post
    25
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Moodle OpenSSL 7 Heartbleed

    Has anyone updated their open SSL on Moodle due to the Heartbleed issue - BBC News - Scramble to fix huge 'heartbleed' security bug

    I am on OpenSSL V 0.9.8x

    Does anyone know what I need to do to upgrade it to the latest version or am I worrying about nothing?

  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,381
    Thank Post
    525
    Thanked 2,615 Times in 2,021 Posts
    Blog Entries
    24
    Rep Power
    891
    Heartbleed Bug says that the 0.9.8 branch isn't vulnerable.

  3. Thanks to localzuk from:

    Wirral_Wonderer (9th April 2014)

  4. #3

    Join Date
    May 2008
    Location
    Stockport
    Posts
    53
    Thank Post
    25
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I searched high and low for it as well!

    Thanks anyway!

  5. #4

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    6,379
    Thank Post
    613
    Thanked 1,135 Times in 869 Posts
    Blog Entries
    15
    Rep Power
    497
    Another site says that it is. I would suggest taking the opportunity to update regardless.

  6. #5

    Join Date
    May 2008
    Location
    Stockport
    Posts
    53
    Thank Post
    25
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Ah, any ideas how?

  7. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,381
    Thank Post
    525
    Thanked 2,615 Times in 2,021 Posts
    Blog Entries
    24
    Rep Power
    891
    That depends on the OS you're running.

  8. #7

    Join Date
    May 2008
    Location
    Stockport
    Posts
    53
    Thank Post
    25
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    It would help if I gave you that info!

    Windows 2008 using iis

    Thanks

  9. #8

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,381
    Thank Post
    525
    Thanked 2,615 Times in 2,021 Posts
    Blog Entries
    24
    Rep Power
    891
    Wait, how/why are you using OpenSSL with IIS and not SChannel? Are you running a load balancer or reverse proxy in front of it?

  10. #9

    Join Date
    May 2008
    Location
    Stockport
    Posts
    53
    Thank Post
    25
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Er?! Just what I got from php info. To be honest someone else set it up for us.

    Maybe it's not an issue?

  11. #10

    Join Date
    May 2008
    Location
    Stockport
    Posts
    53
    Thank Post
    25
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    The LA is providing us with a reverse proxy as well

    What should we be using?

  12. #11

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    551
    Thank Post
    134
    Thanked 19 Times in 19 Posts
    Rep Power
    12
    We have just installed moodle 2.6 on a windows server and this also says it is running one of the affected versions. Does anyone know how to upgrade OpenSSL on windows?

  13. #12

    unixman_again's Avatar
    Join Date
    Nov 2011
    Posts
    893
    Thank Post
    35
    Thanked 170 Times in 130 Posts
    Rep Power
    141
    I fixed ours by replacing php_openssl.dll using the info at PHP For Windows:

  14. Thanks to unixman_again from:

    tj2419 (10th April 2014)

  15. #13

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    551
    Thank Post
    134
    Thanked 19 Times in 19 Posts
    Rep Power
    12
    Quote Originally Posted by unixman_again View Post
    I fixed ours by replacing php_openssl.dll using the info at PHP For Windows:
    Hi Thanks for the link. I may be being a bit slow to catch up but is there supposed to be a file called php_openssl.dll in the download on that link? As i can't find one just have the three folders bin, lib, include and a openssl.cnf file.

    Do i need to copy all these over? As i also can't seem to find a lib directory to replace on my moodle server.

    Can you tell i don't play around with php much :P

  16. #14

    unixman_again's Avatar
    Join Date
    Nov 2011
    Posts
    893
    Thank Post
    35
    Thanked 170 Times in 130 Posts
    Rep Power
    141
    Depends on your server. If you are running Apache :
    • download php-5.4.16-Win32-VC9-x86.zip
    • move your PHP out of the way
    • extract the download to where PHP lives
    • copy your php.ini over
    • download httpd-2.4.9-win32-VC9.zip from https://www.apachelounge.com/download/additional/
    • move Apache out of the way
    • extract the apache download to where apache lives
    • copy the apache conf over
    • check apache runs using cmd
    • if OK, restart apache

    If you are running IIS, I guess the same applies but ignore the apache stuff.

    Why upgrade Apache & PHP? Apache is built with OpenSSL and you need to have both patched.



SHARE:
+ Post New Thread

Similar Threads

  1. Do you Moodle?
    By RobC in forum Web Development
    Replies: 45
    Last Post: 15th January 2006, 07:17 PM
  2. Moodle and remote access.
    By eejit in forum Windows
    Replies: 4
    Last Post: 5th January 2006, 11:59 AM
  3. Moodle
    By StewartKnight in forum Educational Software
    Replies: 15
    Last Post: 19th July 2005, 07:10 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •