[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- From: Simon Waters <simon@xxxxxxxxxxxxxx>
- Date: Tue, 08 Apr 2014 18:43:40 +0100
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1396810045; h=Sender:Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:In-Reply-To:References:To:MIME-Version:From:Date:Message-ID; bh=whPmbIS+Vnynpxr3J6fkuoh+CeY1kTAJgsbHyMZYzq4=; b=RvfTZe9gde9in+/LJTNZCLXLLmluuINhKxKnCzem6So6TAtSIo8SASbAU7gqLSLM4QX0vNQ82EHqXXGXbqGlK636F/Xe08lVanPoHyuUoid98HTx0lYAwfP4/W7CUUthqW+NglvPm9IfXJ3FwjCxCV9rT8BH5cL8xuPN8azfiFc=;
- Openpgp: id=8F455606
On 08/04/14 11:03, Philip Hudson wrote:
>
> In case it's not obvious, that means taking the affected systems
> offline and airgapped while you regenerate keys.
This is not obvious to me.
Once patched, the situation is the same as setting up TLS, and I'm not
aware of why you might want to airgap a system to do this, since the
secret key is kept on the server in question anyway (assuming fancy
hardware is not available), all the airgap would appear to do is reduce
available entropy.
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
