trafficserver-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <iga...@apache.org>
Subject [NOTICE]: SSL Heartbeat Bug
Date Wed, 09 Apr 2014 17:02:13 GMT

Hi folks,

I'm pretty sure most of you have heard, or read by now,
but I'd still like to put it out there for completeness.

There's a newly discovered OpenSSL Bug. It affects new
versions of OpenSSL 1.0.1 through 1.0.1f, which implement
the heartbeat extension. The bug has been nick-named
heart-bleed, and there's a complete write-up here:

     http://heartbleed.com/

If you are using Traffic Server as SSL end-point *or*
as client with these vulnerable versions of OpenSSL, we
highly urge you to upgrade your OpenSSL library[1]. If you
are using it as SSL end-point, we additionally advise
you to roll out new private keys and re-issue certificates.

Thank you very much, and stay safe,

-- The Apache Traffic Server Team.


[1]: This has hopefully been handled by your OS vendor already

Mime
View raw message