Clovertech

Open SSL and Heartbleed

Clovertech Forums Read Only Archives Cloverleaf Cloverleaf Open SSL and Heartbleed

  • Creator
    Topic
  • May 18, 2014 at 6:59 am #54218
    Paul Marriott
    Participant

      Does anyone know if the recent http://heartbleed.com/ Heartbleed Bug is an issue on any of the Cloverleaf installations on ALL modules.

      We are running RHEL Linux so assume the standard patch from Red Hat will work without adversely impacting our HTTPS, IB and FTPS (S)FTP intrefaces.

    • Creator
      Topic
    Viewing 0 reply threads
    • Author
      Replies
      • May 19, 2014 at 2:36 am #80622
        Elisha Gould
        Participant

          It’s dependant on your openssl version. Versions 1.0.1 through 1.0.1f are affected.

          To check execute the following.

          Code:

          openssl version

          This issue mainly affects external (internet) facing servers that do not have ip range restrictions for clients. It does not affect client connections to other servers (although those servers may have been compromised. It is up to those vendors to check).

          If you have an external facing server and the openssl version is or has been one of the affected versions, then it may be safer to re-issue the certificates and change the passwords for the users that use the interface.

      • Author
        Replies
      Viewing 0 reply threads
      • The forum ‘Cloverleaf’ is closed to new topics and replies.