Re: SSL and heartbleed ?

To: Giorgio Pioda <gfwp@ticino.com>
Cc: debian-edu@lists.debian.org
Subject: Re: SSL and heartbleed ?
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Sat, 12 Apr 2014 22:53:01 +0000
Message-id: <[🔎] 20140412225301.Horde.HRXkR6U1choAfW9MQKxZ0w1@mail.das-netzwerkteam.de>
In-reply-to: <[🔎] 20140411085506.GA14668@macchianera.pioderia.lan>
References: <[🔎] 20140411085506.GA14668@macchianera.pioderia.lan>

Hi Giorgio,

On  Fr 11 Apr 2014 10:55:06 CEST, Giorgio Pioda wrote:

Hi,

since the discovery of the heartbleed vulnerability...

Is it necessary to react? And how? I guess a new SSL cert
would be a good idea.

Best regards

Giorgio

Yes, in theory, you need to recreate the HTTPd's and the LDAPd's SSLcertificates. AFAICT SSH keys are not affected by the bug as the (asfar as I have heard) the heartbeat code is not linked against inOpenSSH [1].


Mike

[1] http://superuser.com/questions/739349/does-heartbleed-affect-ssh-keys
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Attachment: pgp6WgTrAk7uv.pgp
Description: Digitale PGP-Signatur

Reply to:

References:
- SSL and heartbleed ?
  - From: Giorgio Pioda <gfwp@ticino.com>

Prev by Date: Re: Debian Edu Developer gathering in Oslo May 10-11, 2014
Next by Date: Content and translation status for the debian-edu-squeeze manual
Previous by thread: SSL and heartbleed ?
Next by thread: Debian Edu Developer gathering in Oslo May 10-11, 2014
Index(es):
- Date
- Thread