Arethusa forum

Arethusa discussion forums.

You are not logged in.

Announcement

Registration is not required to post, but is required to post links.

#1 2014-04-08 12:32:55

Anonymous
Anonymous

OpenSSL hearbeat leak

Hi

Should we be concerned about the heartbleed bug? (heartbleed.com)
(With regards to arethusa of course.)

#2 2014-04-08 14:27:49

Zero
Moderator

Re: OpenSSL hearbeat leak

The vast majority of our servers (including the web servers) run on a non-vulnerable OpenSSL version.

Some recent OpenVPN servers had a vulnerable version. We have updated them and restarted the services.
However it isn't clear at the moment if OpenVPN was really affected by this bug. OpenVPN uses only basic parts of OpenSSL and is usually not affected by OpenSSL bugs.

Offline

#3 2014-04-08 19:01:49

Anonymous
Anonymous

Re: OpenSSL hearbeat leak

Thanks, let’s hope OpenVPN is not affected!

#4 2014-04-10 21:18:59

Zero
Moderator

Re: OpenSSL hearbeat leak

OpenVPN is affected, but at the moment no one has seen an exploit for openvpn:
https://arethusa.co/forum/viewtopic.php?id=829

Offline

Board footer

Powered by FluxBB