From owner-freebsd-isp@FreeBSD.ORG Thu Jun 12 15:52:11 2014 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 95DED170 for ; Thu, 12 Jun 2014 15:52:11 +0000 (UTC) Received: from mail-we0-x22d.google.com (mail-we0-x22d.google.com [IPv6:2a00:1450:400c:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 301552AF1 for ; Thu, 12 Jun 2014 15:52:11 +0000 (UTC) Received: by mail-we0-f173.google.com with SMTP id t60so1504492wes.4 for ; Thu, 12 Jun 2014 08:52:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:content-transfer-encoding:subject:message-id:date :to:mime-version; bh=UW6TtXR8opLBabaY82fa61DPI4aRwxPUKYOsJAVKEXA=; b=Or3P7+Wcva+V+mrFhSKjg/QusoSJhkPdvc8felkOuTgaJGuBmIDJAm6MYb2PXj1nSY mcSA66taofJL1toWKD0sOWhakTDFftc1uYfEans3OJduInmI/QYJjq02SIXzErj5dhwY pcT1cSa7TlmXVQ8x49Y5nTC3K3JSCp9uhulJAD/9s28pm+0aglRawaMKozTQTwiBQpUL inrcD2g8hF4jym5lsBNTTMhFI1WyAGuj2Ssn5zPZiiTnwrgS6DbkY8/62aR2r7pdAIBe l7YDKAH8BLScjg0KkLF2Hl8GSIsugk+D3U07OAqMl5F7/3yx3eEXCnuOxzoRYDvRQRYJ hZeA== X-Received: by 10.180.126.97 with SMTP id mx1mr7537217wib.29.1402588328452; Thu, 12 Jun 2014 08:52:08 -0700 (PDT) Received: from [172.22.22.70] (out-4.consol.de. [194.246.123.253]) by mx.google.com with ESMTPSA id r44sm5457520eeo.18.2014.06.12.08.52.07 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 12 Jun 2014 08:52:07 -0700 (PDT) From: Florian Heigl Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Subject: "Online" Updating of OpenSSL Message-Id: <3783360C-9CB7-4286-955B-7CFC2D68C8A5@gmail.com> Date: Thu, 12 Jun 2014 17:52:05 +0200 To: freebsd-isp@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) X-Mailer: Apple Mail (2.1878.2) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jun 2014 15:52:11 -0000 Hi, I suppose we pretty much all went through some updates since April. So far, I have been rebooting the affected systems during the OpenSSL = updates to make sure the services are all properly restarted. I=92d like to switch to some kind of restarting only the affected = services, as that would minimize the downtimes from minutes to seconds. But how do you identify the affected applications and relate them to = scripts in /etc/rc.d /usr/local/etc/rc.d ? How are you guys handling it? - Identifying what=92s really linked to openssl / gnutls / whatever - Restarting gracefully at the right time Greetings, Florian=