Updating Open SSL on Mountain Lion Server
Waragainstsleep
Posting Junkie
Join Date: Mar 2004
Location: UK
Sep 19, 2014, 09:50 AM
 
I need to do this. Apple haven't patched a raft of vulnerabilities and I can't wait for them to get their act together.

Has anyone done this before? Is it going to cause me issues with future updates? Will all my services just happily play with the updated version?
I have plenty of more important things to do, if only I could bring myself to do them....
     
Waragainstsleep  (op)
Posting Junkie
Join Date: Mar 2004
Location: UK
Sep 19, 2014, 01:36 PM
 
OK, so Apple have just patched it with an updated OpenSSL in 10.9.5 so I guess a patch for 10.8 will be out soon. Maybe I'll just wait a couple days.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Sep 22, 2014, 06:19 PM
 
Apple has deprecated OpenSSL in Mac OS X. The version they ship, 0.9.8y, does not have the Heartbleed bug, but it has other bugs, OpenSSL not being known for its fantastic code quality.

If the app you're running is building against the security framework in OS X that includes OpenSSL, it should have deprecated the OpenSSL code long ago. If it really wants OpenSSL specifically and it is one you compile yourself, you are probably best off installing a modern OpenSSL from a distribution manager and linking to that.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Waragainstsleep  (op)
Posting Junkie
Join Date: Mar 2004
Location: UK
Sep 25, 2014, 07:15 AM
 
It was the built-in mail service on 10.8 Server! Apple patched it on Tuesday and the shipping version of OpenSSL on 10.8 and 10.9 is now 0.9.8za.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Sep 25, 2014, 02:53 PM
 
So Apple's Server package links against libs they deprecated years ago?
     
Waragainstsleep  (op)
Posting Junkie
Join Date: Mar 2004
Location: UK
Sep 26, 2014, 07:59 AM
 
Must do. This particular server is subject to regular scans for PCI DSS compliance. A vulnerability was discovered in OpenSSL and the next scan failed. I patched it and the scan is happy again. Something must be linking against it.

Wonder how long it's going to take them to patch this Shellshock bug.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Sep 27, 2014, 07:43 PM
 
The bash maintainers have to come up with a good patch first. From what I hear, the second patch attempt wasn't good enough either. Ironically, Apple made a special command line update just before Shellshock.
     
Thorzdad
Moderator
Join Date: Aug 2001
Location: Nobletucky
Oct 17, 2014, 08:26 AM
 
Apple has released security updates to address the SSL/POODLE vulnerability.
Security update for 10.9 Mavericks
Security update for 10.8 Mountain Lion
These include updates for supported servers (4.0, 3.2.2, 2.2.5)

Users on anything older than 10.8 are, apparently, SOL, as far as Apple is concerned.
     
   