Preface Upgrading OpenSSL on RUGGEDCOM APE to Fix the Heartbleed Vulnerability AN25 Application Note 4/2014 RC1150-EN-02 Introduction 1 Verifying the OpenSSL Version 2 Upgrading OpenSSL 3
RUGGEDCOM APE Application Note Copyright © 2014 Siemens Canada Ltd. All rights reserved. Dissemination or reproduction of this document, or evaluation and communication of its contents, is not authorized except where expressly permitted. Violations are liable for damages. All rights reserved, particularly for the purposes of patent application or trademark registration. This document contains proprietary information, which is protected by copyright. All rights are reserved.
RUGGEDCOM APE Application Note Table of Contents Table of Contents Preface ................................................................................................................ v Related Documents ............................................................................................................................. v Accessing Documentation .................................................................................................................... v Training ...................
Table of Contents iv RUGGEDCOM APE Application Note
RUGGEDCOM APE Application Note Preface Preface This application note is intended for use by network technical support personnel who are familiar with the operation of networks. It is also recommended for us by network and system planners, system programmers, and line technicians.
Preface RUGGEDCOM APE Application Note • Telephone Call a local hotline center to submit a Support Request (SR). To locate a local hotline center, visit http:// www.automation.siemens.com/mcms/aspa-db/en/automation-technology/Pages/default.aspx.
RUGGEDCOM APE Application Note Chapter 1 Introduction Introduction As of 1 February 2014, Siemens has been shipping some Linux® variants of RUGGEDCOM APE line modules (order codes APE1402-XX, APE1402-C01, APE1404-XX, and APE1404-C01, or MFLBs 6GK6015-0AL20-0GB0, 6GK6015-0AL20-0GB1, 6GK6015-0AL20-0GD0, and 6GK6015-0AL20-0GD1) with a version of the OpenSSL cryptographic software library that is vulnerable to the Heartbleed [http://www.heartbleed.com] security vulnerability.
RUGGEDCOM APE Application Note Chapter 1 Introduction 2
RUGGEDCOM APE Application Note Chapter 2 Verifying the OpenSSL Version Verifying the OpenSSL Version To determine the version of OpenSSL currently installed, do the following: 1. Log in or gain root access to the APE line module. 2. At the command prompt, type the following command: dpkg -l openssl If the version is 1.0.1e-2+deb7u4, the OpenSSL cryptographic software library is vulnerable to Heartbleed.
RUGGEDCOM APE Application Note Chapter 2 Verifying the OpenSSL Version 4
RUGGEDCOM APE Application Note Chapter 3 Upgrading OpenSSL Upgrading OpenSSL There are two methods available for upgrading the OpenSSL cryptographic software library. Method 1: Obtaining an Upgrade Package from the Debian Security Update Repository 1. Make sure the APE module has access to the Internet. 2. Log in or gain root access to the APE line module. 3. Using vim or nano, open the file /etc/opt/sources.list and add the following line: dep http://security.debian.
RUGGEDCOM APE Application Note Chapter 3 Upgrading OpenSSL 6