Alpha Video Training
Results 1 to 1 of 1

Thread: OpenSSL Heartbleed (Heartbeat) Vulnerability

  1. #1
    Alpha Software Employee Lenny Forziati's Avatar
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,695

    Default OpenSSL Heartbleed (Heartbeat) Vulnerability

    Heartbleed (Heartbeat) OpenSSL Vulnerability
    A serious vulnerability known as the heartbleed bug was recently discovered in OpenSSL. Alpha Anywhere, Alpha Five and the Application Server use OpenSSL for encryption, so they are impacted by this vulnerability if they are using OpenSSL 1.0.1 though 1.0.1f.

    How Can I Resolve This Vulnerability
    The OpenSSL Project closed this vulnerability in release 1.0.1g, which they made available on Monday, 4/7/2014. We incorporated it into the Alpha Anywhere builds on Tuesday, 4/8/2014. It is available in the Alpha Anywhere prereleases as of Wednesday, 4/9/2014. Prereleases are available from http://downloads.alphasoftware.com/A...easeNotes.html.

    If you do not want to use a prerelease, or you are using a version of Alpha prior to Alpha Anywhere (v12), you can manually update the OpenSSL DLLs on your system to resolve this. (See Below)

    How Do I Know What Version of OpenSSL Alpha is Using?
    Alpha installs copies of the OpenSSL DLLs in the same location that you install Alpha itself. These DLLs are libeay32.dll and ssleay32.dll. Using Windows Explorer, navigate to the correct folder, then right-click on each of the DLLs, select Properties, and then select the Details tab. The DLL version is shown as Product version, as shown below.

    OpenSSLVersion.png

    How Do I Manually Update OpenSSL
    Alpha uses the libeay32.dll and ssleay32.dll files in the installation folder to work with OpenSSL. To update your version of OpenSSL, simply replace these two files with newer versions, making sure that the version number of both replacement files match each other.

    Please note that as these DLLs are used for encryption operations, you should only obtain them from a trusted source. Alpha Software is not responsible for the use of OpenSSL DLLs obtained from sources other than Alpha Software. You may obtain the DLLs from Alpha at http://dlcf.alphasoftware.com/a5v12D...nSSL1.0.1g.zip Note: These DLLs are OpenSSL version 1.0.1g and are the latest as of April 9, 2014. They are not guaranteed to be the latest available should OpenSSL release an update.

    Additional Information and Resources
    The OpenSSL Project
    OpenSSL Security Advisory CVE-2014-0160
    The Heartbleed Bug
    Online Heartbleed Vulnerability Tester
    Last edited by Lenny Forziati; 07-24-2014 at 01:06 PM.

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

Similar Threads

  1. SSL problem:"Error reading private key file. OpenSSL Desc error:0906D06C:PEM routines
    By fsi in forum Application Server Version 11 - Web/Browser Applications
    Replies: 0
    Last Post: 05-14-2013, 08:47 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •