Hi Giorgio, On Fr 11 Apr 2014 10:55:06 CEST, Giorgio Pioda wrote:
Hi, since the discovery of the heartbleed vulnerability... Is it necessary to react? And how? I guess a new SSL cert would be a good idea. Best regards Giorgio
Yes, in theory, you need to recreate the HTTPd's and the LDAPd's SSL certificates. AFAICT SSH keys are not affected by the bug as the (as far as I have heard) the heartbeat code is not linked against in OpenSSH [1].
Mike [1] http://superuser.com/questions/739349/does-heartbleed-affect-ssh-keys -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Attachment:
pgp6WgTrAk7uv.pgp
Description: Digitale PGP-Signatur