Date:      Tue, 08 Apr 2014 21:29:21 -0700
From:      David Newman <dnewman@networktest.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: OpenSSL TLS Heartbeat Security Issue
Message-ID:  <5344CCA1.7090303@networktest.com>
In-Reply-To: <20140408184816.C64B0165B888@sulu.fritz.box>
References:  <20140408134425.Horde.azH0NUU2X8TUmV9kVtS2MA2@d2ux.org> <53440667.8060203@qeng-ho.org> <20140408172645.58B38165B369@sulu.fritz.box> <53443AF1.2070404@FreeBSD.org> <20140408184816.C64B0165B888@sulu.fritz.box>

On 4/8/14, 11:48 AM, Michael Grimm wrote:
> Matthew Seaman wrote:
> 
>> You need to install the patched library and restart all the software
>> that uses it for TLS, *and* *then* (depending on degree of paranoia)
>> get all of your SSL certs re-issued against a different private key.
>> Your CA may or may not charge you for doing that.
> 
> Thanks for clarifying. Ok, and I did already start to renew ssh keys.
> That seemed to be overkill, though ;-) Anyway, it's ok to renew those
> after some longer time.

You meant SSL keys, yes? These should definitely be updated after
patching to fix the heartbleed vulnerability.

This vulnerability has existed for a couple of years, and it doesn't
leave log entries or other artifacts. If you're concerned about
passwords that were protected with SSL, it's time to change those too.

dn




