Siemens AN25 manual Upgrading OpenSSL

Upgrading OpenSSL

There are two methods available for upgrading the OpenSSL cryptographic software library.

Method 1: Obtaining an Upgrade Package from the Debian Security Update Repository

1.Make sure the APE module has access to the Internet.

2.Log in or gain root access to the APE line module.

3.Using vim or nano, open the file /etc/opt/sources.list and add the following line:

dep http://security.debian.org wheezy/updates main

This points Debian's upgrade system (referred to as APT) to Debian's online Security Update Repository for Debian 7. APE line modules based on Debian 6 are not vulnerable to Heartbleed and require no update.

4.At the command prompt, type the following commands to upgrade the OpenSSL cryptographic software library:

apt-get update

apt-getinstall openssl libssl1.0.0

Make sure both commands execute without errors.

5.Make sure OpenSSL has been upgraded to version 1.0.1e-2+deb7u6 or later. For more information, refer to Chapter 2, Verifying the OpenSSL Version.

6.If further security updates from Debian's Security Update Repository are not desired, remove the lines previously added to /etc/apt/sources.list.

Method 2: Obtaining an Upgrade Package from Siemens Customer Support

1.Request the following Debian packages from Siemens Customer Support:

•openssl_1.0.1e-2+deb7u6_i386.deb

•libssl1.0.0_1.0.1e-2+deb7u6_i386.deb

2.Once obtained, upload the files to the APE line module via SFTP, SCP or a USB memory media.

3.Log in or gain root access to the APE line module.

4.At the command prompt, type the following command to upgrade the OpenSSL cryptographic library:

dpkg -i openssl_1.0.1e-2+deb7u6_i386.deb libssl1.0.0_1.0.1e-2+deb7u6_i386.deb

5.Delete the .deb files by typing:

rm openssl_1.0.1e-2+deb7u6_i386.deb libssl1.0.0_1.0.1e-2+deb7u6_i386.deb

5