OpenSSL Heartbleed Bug

For 1&1 Dedicated Server, 1&1 Virtual Server and 1&1 Dynamic Cloud Server

The Heartbleed bug is one of the most serious security flaws discovered in the OpenSSL encryption library. It was caused by a programming error made while implementing a new feature in OpenSSL's TLS protocol support. The vulnerability affects a key component of the system that provides a secure connection, allowing others to read your encrypted data.

Affected Server, Types of Services and OpenSSL Versions

All Internet servers that use OpenSSL encryption are affected: not only web servers, but often also those used for E-mail, Plesk, VPN, etc. The security gap affects OpenSSL versions starting from 1.0.1, up to 1.0.1f. If one of these OpenSSL versions is installed on your server, please run an update.

Not affected are:

  • OpenSSL Versions 1.0.1g, OpenSSL 1.0.0 and OpenSSL 0.9.8
  • Customers with a 1&1 WebHosting package (Shared Hosting) or a 1&1 Managed Server.

Check your OpenSSL Version

By default, OpenSSL is installed on all Linux distributions. You can find the version installed on your server by using the following Shell command:

root@s12345678:/etc# openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr 7 20:33:29 UTC 2014
platform: debian-amd64

Please note:
The version number displayed above indicates whether your version could be vulnerable to the bug, but does not determine whether it is in fact affected, because distributions typically apply the fix to their packages without changing the version number.
The date next to 'built on' is crucial. If the date is the 7th of April 2014 or later, then your version already contains the bug fix.

You can check your server's vulnerability by referring to the Filippo.io Heartbleed page.
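
The version and build-date check described above can be scripted for use across several servers. The following is an added example, not part of the original 1&1 article; the function name `heartbleed_status` and its status strings are assumptions chosen for illustration, and the rules it applies are the two stated on this page.

```shell
#!/bin/sh
# Added example: classify `openssl version -a` output using this article's rules
# (affected range 1.0.1 to 1.0.1f; build date cutoff 7 April 2014).

# heartbleed_status TEXT
# Prints: not-affected | patched-build | update-needed | unknown
heartbleed_status() {
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    case "$ver" in
        1.0.1|1.0.1[a-f]|1.0.1-*|1.0.1[a-f]-*) ;;  # affected range, vendor suffix (e.g. -fips) allowed
        "") echo unknown; return ;;                # no version line found
        *)  echo not-affected; return ;;           # 1.0.1g, 1.0.0, 0.9.8, ...
    esac
    # Turn "built on: Mon Apr 7 20:33:29 UTC 2014" into 20140407.
    built=$(printf '%s\n' "$1" | awk '
        /^built on:/ {
            m = index("JanFebMarAprMayJunJulAugSepOctNovDec", $4)
            if (m == 0 || (m - 1) % 3 != 0) exit
            if ($NF !~ /^[0-9][0-9][0-9][0-9]$/) exit
            printf "%04d%02d%02d\n", $NF, (m + 2) / 3, $5
            exit
        }')
    # A missing or unreadable build date is treated as unpatched.
    if [ -n "$built" ] && [ "$built" -ge 20140407 ]; then
        echo patched-build
    else
        echo update-needed
    fi
}

# Sample input: the output shown in this article.
SAMPLE='OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr 7 20:33:29 UTC 2014
platform: debian-amd64'

heartbleed_status "$SAMPLE"
# On a live server: heartbleed_status "$(openssl version -a)"
```

The build-date rule is the article's heuristic for distribution packages; a self-compiled build of unpatched source made after that date would still pass it.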

Protect Yourself from the Bug

  • Update your system as soon as possible. Most Linux distributions offer security updates that can be performed using the standard repositories.
  • Replace/renew your SSL certificate. It cannot be ruled out that data or keys have already been read.
  • Read the information on http://heartbleed.com/.

Depending on the system, you can use the following commands to perform the update:

Debian/Ubuntu    apt-get update; apt-get upgrade
CentOS           yum update
OpenSUSE         zypper update

Please note:
After the update, all services using the SSL libraries must be restarted. Should you be unsure, we recommend a complete restart of the whole server.
For additional information, you may want to reference: