D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability

 

On Tue, 8 Apr 2014 08:10:20 +0000, Martijn Grooten
<martijn@xxxxxxxxxxxxxxxxxx> wrote:
> Things rarely get more serious than this:
> 
>
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
> http://heartbleed.com/
> 
> Martijn.

I've spent the morning updating our Debian servers at work, but there's
something I wasn't entirely clear about.  According to the Ars article the
Private Keys can be recovered, am I right in thinking this would affect SSL
keys, TLS keys on e-mail servers and keys used on OpenVPN?

Rob

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq