cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: Mendel Mobach <mendel AT cacert.org>
- To: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>, iang AT iang.org
- Subject: Re: OpenSSL 'Heartbleed' bug
- Date: Tue, 8 Apr 2014 00:10:14 +0200
On 07 Apr 2014, at 23:19, ianG
<iang AT iang.org>
wrote:
> http://heartbleed.com/
>
> from that page:
>
> ================
> What versions of the OpenSSL are affected?
>
> Status of different versions:
>
> OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
> OpenSSL 1.0.1g is NOT vulnerable
> OpenSSL 0.9.8 branch is NOT vulnerable
>
> Bug was introduced to OpenSSL in December 2011 and has been out in the
> wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g
> released on 7th of April 2014 fixes the bug.
> ================
We run openssl-older, no problem at www and signer at least. I did not check
OCSP yet, but OCSP should not run over ssl.
If you need to upgrade your openssl, consider at least your ssl stuff
compromized. Generate new keys.
Kind regards,
Mendel Mobach
- OpenSSL 'Heartbleed' bug, ianG, 04/07/2014
- Re: OpenSSL 'Heartbleed' bug, Mendel Mobach, 04/07/2014
- Re: OpenSSL 'Heartbleed' bug, Michael Tänzer, 04/08/2014
- Re: OpenSSL 'Heartbleed' bug, Wytze van der Raay, 04/08/2014
- Re: OpenSSL 'Heartbleed' bug, Mendel Mobach, 04/07/2014
Archive powered by MHonArc 2.6.18.