{"id":1401,"date":"2014-04-13T22:44:52","date_gmt":"2014-04-13T14:44:52","guid":{"rendered":"http:\/\/localhost\/portal\/2014\/04\/13\/openssl-heartbleed\/"},"modified":"2014-04-13T22:44:52","modified_gmt":"2014-04-13T14:44:52","slug":"openssl-heartbleed","status":"publish","type":"post","link":"https:\/\/www.cyberhunter.com.tw\/?p=1401","title":{"rendered":"\u81fa\u7063\u4f01\u696d\u958b\u59cb\u56e0\u61c9OpenSSL\u8d85\u5371\u96aa\u6f0f\u6d1e\u3000\u6230\u570b\u7b56\u3001\u806f\u5361\u4e2d\u5fc3\u6436\u5148\u4fee\u88dc"},"content":{"rendered":"

 <\/p>\n

\u5168\u7403OpenSSL\u6f0f\u6d1e\u98a8\u66b4\u5439\u5230\u81fa\u7063\uff0c\u81fa\u7063\u958b\u59cb\u6709\u4f01\u696d\u5c55\u958b\u56e0\u61c9\uff0c\u4f8b\u5982\u4e3b\u6a5f\u4ee3\u7ba1\u696d\u8005\u6230\u570b\u7b56\u5df2\u5b8c\u6210Linux\u4e3b\u6a5f\u7684OpenSSL\u5347\u7d1a\u4fee\u88dc\u5de5\u4f5c\uff0c\u806f\u5408\u4fe1\u7528\u5361\u8655\u7406\u4e2d\u5fc3\u4e5f\u91dd\u5c0d\u5c11\u6578OpenSSL\u61c9\u7528\u5c55\u958b\u4fee\u88dc\u5de5\u4f5c\u3002<\/div>\n
 <\/div>\n
 <\/div>\n
\u6587\/ iThome<\/a> \u80e1\u744b\u4f73 | 2014-04-10\u767c\u8868<\/p>\n
\u4e3b\u6a5f\u4ee3\u7ba1\u696d\u8005\u6230\u570b\u7b56\u5df2\u5b8c\u6210Linux\u4e3b\u6a5f\u7684OpenSSL\u5347\u7d1a\u4fee\u88dc\u5de5\u4f5c\uff0c\u806f\u5408\u4fe1\u7528\u5361\u8655\u7406\u4e2d\u5fc3\u4e5f\u91dd\u5c0d\u5c11\u6578OpenSSL\u61c9\u7528\u5c55\u8a72\u4fee\u88dc\u5de5\u4f5c\u3002<\/div>\n
 <\/div>\n
 <\/div>\n
\u5168\u7403OpenSSL\u6f0f\u6d1e\u98a8\u66b4\u5439\u5230\u81fa\u7063\uff0c\u81fa\u7063\u958b\u59cb\u6709\u4f01\u696d\u5c55\u958b\u56e0\u61c9\uff0c\u4f8b\u5982\u4e3b\u6a5f\u4ee3\u7ba1\u696d\u8005\u6230\u570b\u7b56\u5df2\u5b8c\u6210Linux\u4e3b\u6a5f\u7684OpenSSL\u5347\u7d1a\u4fee\u88dc\u5de5\u4f5c\uff0c\u806f\u5408\u4fe1\u7528\u5361\u8655\u7406\u4e2d\u5fc3\u4e5f\u91dd\u5c0d\u5c11\u6578OpenSSL\u61c9\u7528\u5c55\u958b\u4fee\u88dc\u5de5\u4f5c\u3002\u81fa\u7063Yahoo\u5947\u6469\u5247\u8868\u793a\uff0c\u81fa\u7063\u4f9d\u5168\u7403\u7e3d\u90e8\u653f\u7b56\u56e0\u61c9\u3002\u96c5\u864e\u5168\u7403\u5df2\u767c\u5e03\u516c\u544a\uff0c\u8a72\u516c\u53f8\u5718\u968a\u5df2\u5c0d\u96c5\u864e\u7684\u4e3b\u8981\u5c6c\u6027\u6210\u529f\u9032\u884c\u9069\u7576\u7684\u4fee\u6b63\u3002<\/div>\n
 <\/div>\n
\u6230\u570b\u7b56\u7db2\u8def\u5de5\u7a0b\u90e8\u4e3b\u7ba1\u6797\u5c1a\u4ec1\u8868\u793a\uff0c\u76ee\u524d\u6230\u570b\u7b56\u7684\u4e3b\u6a5f\u63a1\u7528Linux\u7b2c\u4e09\u4ee3\u67b6\u69cb\uff0c\u75764\u67088\u65e5\u63a5\u5230OpenSSL\u542b\u6709\u52a0\u5bc6\u50b3\u8f38\u6f0f\u6d1e\uff0c\u5df2\u7d93\u65bc\u79ae\u62dc\u4e09\u6aa2\u67e5\u6240\u6709\u5177\u6709\u6f0f\u6d1e\u7684\u4e3b\u6a5f\uff0c\u4e14\u7576\u5929\u5df2\u4f7f\u7528OpenSSL 1.0.1g\u7248\u672c\u4fee\u88dc\u8a72\u6f0f\u6d1e\u3002<\/div>\n
 <\/div>\n
\u806f\u5408\u4fe1\u7528\u5361\u8655\u7406\u4e2d\u5fc3\u8cc7\u8a0a\u670d\u52d9\u90e8\u8cc7\u6df1\u5354\u7406\u738b\u66c9\u8559\u5247\u8868\u793a\uff0c\u806f\u5408\u4fe1\u7528\u5361\u8655\u7406\u4e2d\u5fc3\u7684\u6838\u5fc3\u7cfb\u7d71\u4e26\u975e\u4f7f\u7528\u958b\u6e90\u8edf\u9ad4\uff0c\u53ea\u6709\u5c11\u90e8\u5206\u61c9\u7528\u4f7f\u7528\u4e86OpenSSL\uff0c\u6240\u4ee5\uff0c\u5f71\u97ff\u4e0d\u5927\u3002\u8a72\u4e2d\u5fc3\u5df2\u6307\u6d3e\u8ca0\u8cac\u8cc7\u5b89\u7684\u5c0f\u7d44\u8457\u624b\u7814\u7a76\u6f0f\u6d1e\u7d30\u7bc0\uff0c\u4e26\u5df2\u8abf\u6574\u9700\u8981\u4fee\u88dc\u7684\u76f8\u95dc\u7a0b\u5f0f\u6216\u7cfb\u7d71\u3002<\/div>\n
 <\/div>\n
\u53e6\u6709\u91d1\u878d\u696d\u8005\u8a8d\u70ba\uff0c\u56e0\u70ba\u91d1\u878d\u696d\u7684\u52a0\u5bc6\u6a5f\u5236\u5927\u591a\u63a1\u7528\u975e\u958b\u6e90\u7684\u52a0\u5bc6\u65b9\u5f0f\uff0c\u6216\u662f\u518d\u642d\u914d\u5167\u5bb9\u4e82\u78bc\u5316\u7684\u65b9\u5f0f\u4f86\u4fdd\u8b77\u8cc7\u6599\uff0cOpenSSL\u5c0d\u91d1\u878d\u8b49\u5238\u696d\u7684\u5f71\u97ff\u4e26\u4e0d\u5927\u3002\u5982\u6c38\u8c50\u91d1\u8b49\u5238\u548c\u677f\u4fe1\u5546\u696d\u9280\u884c\u5747\u8868\u793a\uff0c\u6c92\u6709\u63a1\u7528OpenSSL\u800c\u4e0d\u53d7\u5f71\u97ff\u3002<\/div>\n
 <\/div>\n
\u570b\u5bb6\u9ad8\u901f\u7db2\u8def\u8207\u8a08\u7b97\u4e2d\u5fc3\u52a9\u7406\u5de5\u7a0b\u5e2b\u674e\u67cf\u6bc5\u8868\u793a\uff0c\u5168\u81fa\u7063\u7d04\u4e8c\u5206\u4e4b\u4e00\u4ee5\u4e0a\u7684\u7db2\u7ad9\u90fd\u6703\u6709\u6f0f\u6d1e\uff0c\u53ea\u8981\u904b\u7528OpenSSL\u9019\u6a21\u7d44\u7684\u7db2\u7ad9\u90fd\u6703\u53d7\u5230\u5f71\u97ff\uff0c\u4e3b\u8981\u5f71\u97ff\u5230\u4f7f\u7528https\u670d\u52d9\u7684\u7db2\u7ad9\uff0c\u5305\u542b\u904b\u7528\u4f7f\u7528\u8005\u8a8d\u8b49\u6a5f\u5236\u548c\u7dda\u4e0a\u4ea4\u6613\u7b49\u7db2\u7ad9\u3002<\/div>\n
 <\/div>\n
 <\/div>\n
 <\/div>\n
\u5df2\u51fa\u73fe\u81ea\u52d5\u5316\u653b\u64ca\u5de5\u5177<\/div>\n
\u53e6\u5916\uff0c\u674e\u67cf\u6bc5\u8868\u793a\uff0c\u4ee5\u524d\u5927\u90e8\u5206\u7684\u4eba\u90fd\u4e0d\u77e5\u9053\u9019\u500b\u6f0f\u6d1e\uff0c\u7576Google\u5b89\u5168\u90e8\u9580\u4eba\u54e1\u767c\u73fe\u6b64\u6f0f\u6d1e\u5f8c\uff0c\u5df2\u7d93\u6709\u99ed\u5ba2\u958b\u767c\u51fa\u4f86\u5c08\u9580\u7684\u653b\u64ca\u7a0b\u5f0f\uff0c\u91dd\u5c0dOpenSSL\u9019\u500b\u6f0f\u6d1e\u9032\u884c\u653b\u64ca\u548c\u622a\u53d6\u8cc7\u6599\uff0c\u5f71\u97ff\u7bc4\u570d\u53c8\u66f4\u5927\uff0c\u6240\u4ee5\u5efa\u8b70\u4f01\u696d\u8981\u76e1\u5feb\u66f4\u65b0OpenSSL 1.0.1g\u3002<\/div>\n
 <\/div>\n
\u5c31\u500b\u4eba\u81ea\u4fdd\u65b9\u9762\uff0c\u674e\u67cf\u6bc5\u8868\u793a\uff0c\u56e0\u70ba\u9019\u6b21\u662f\u52a0\u5bc6\u5354\u5b9a\u7684\u554f\u984c\uff0c\u6240\u4ee5\u5c31\u7b97\u6539\u5bc6\u78bc\u4e5f\u7121\u6cd5\u907f\u514d\u500b\u4eba\u8cc7\u6599\u5916\u6d29\uff0c\u552f\u4e00\u7684\u65b9\u5f0f\u5c31\u662f\u66ab\u505c\u4f7f\u7528\u7dda\u4e0a\u4ea4\u6613\u670d\u52d9\u3002<\/div>\n
 <\/div>\n
OpenSSL\u7db2\u7ad9\u65bc4\u67088\u65e5\uff0c\u767c\u5e03\u7dca\u6025\u5b89\u5168\u4fee\u88dc\u516c\u544a\uff0c\u516c\u5e03OpenSSL\u4e2d\u4e00\u500b\u53ef\u80fd\u6f5b\u4f0f\u9577\u90542\u5e74\u4e4b\u4e45\u7684\u91cd\u5927\u5b89\u5168\u6f0f\u6d1e\u3002\u8a72\u6f0f\u6d1e\u65e9\u57282011\u5e74\u5c31\u5df2\u7d93\u88ab\u5c0e\u5165\uff0c\u76f4\u5230\u6700\u8fd1\u624d\u88ab\u82ac\u862d\u7db2\u8def\u5b89\u5168\u516c\u53f8Codenomicon\u7684\u53caGoogle\u5b89\u5168\u90e8\u9580\u7684Neel Mehta\u767c\u73fe\u3002\u99ed\u5ba2\u53ef\u5229\u7528\u6b64\u7db2\u8def\u5b89\u5168\u6f0f\u6d1e\u300cHeartbleed\u300d\u7aca\u53d6\u4f7f\u7528\u8005\u8cc7\u8a0a\u3002<\/div>\n
 <\/div>\n
Heartbleed\u81ed\u87f2\u53ef\u4ee5\u8b93\u7db2\u8def\u4e0a\u4efb\u4f55\u4eba\u8b80\u53d6\u5230\u7531OpenSSL\u9632\u8b77\u7684\u7cfb\u7d71\u8a18\u61b6\u9ad4\uff0c\u9032\u800c\u53d6\u5f97\u670d\u52d9\u4f9b\u61c9\u5546\u6216\u52a0\u5bc6\u7db2\u8def\u6d41\u91cf\u7684\u91d1\u9470\uff0c\u8207\u4f7f\u7528\u8005\u7684\u5e33\u865f\u8207\u5bc6\u78bc\u3002\u653b\u64ca\u8005\u53ef\u85c9\u6b64\u7aca\u53d6\u670d\u52d9\u6216\u8eab\u4efd\u9a57\u8b49\u5167\u5bb9\uff0c\u4e26\u4e14\u5047\u5192\u670d\u52d9\u6216\u4f7f\u7528\u8005\u8eab\u4efd\u3002<\/div>\n
 <\/div>\n
OpenSSL\u52a0\u5bc6\u50b3\u8f38\u6f0f\u6d1e\u5f71\u97ff\u904d\u53ca\u5404\u7a2e\u4f5c\u696d\u7cfb\u7d71\uff0c\u5168\u7403\u4f54Web\u4f3a\u670d\u5668\u4e00\u534a\u4ee5\u4e0a\u7684Apache\u90fd\u662f\u4f7f\u7528\u9019\u5957\u8edf\u9ad4\u4f86\u9032\u884cSSL\/TLS\u52a0\u5bc6\u3002\u53e6\u5916\uff0c\u8a31\u591a\u5927\u578b\u7db2\u8def\u516c\u53f8\uff0c\u5982Google\u3001Yahoo\u3001Facebook\u7b49\uff0c\u90fd\u4f7f\u7528SSL\u9810\u8a2d\u5c0d\u5176\u7db2\u8def\u670d\u52d9\u9032\u884c\u52a0\u5bc6\u3002<\/div>\n
 <\/div>\n
\u53d7\u5f71\u97ff\u7684\u7248\u672c\u904d\u53ca2011\u5e7412\u6708\u7684OpenSSL 1.0.1\u52301.0.1f\u3002\u53e6\u4e5f\u6709\u8a31\u591a\u5167\u542bOpenSSL\u7684Linux\u4f5c\u696d\u7cfb\u7d71\u53d7\u5230\u5f71\u97ff\uff0c\u5305\u62ecDebian Wheezy\uff0cUbuntu 12.04.4 LTS\uff0cCentOS 6.5\u3001Fedora 18\u3001OpenBSD 5.3\u53ca 5.4 \u3001FreeBSD 10.0 \u4ee5\u4e0a\u53caNetBSD 5.0.2\u3002OpenSSL\u4e26\u5df2\u540c\u6642\u91cb\u51faOpenSSL 1.0.1g\u4fee\u88dc\u8a72\u6f0f\u6d1e\u3002<\/p>\n

\n <\/div>\n<\/div>\n