From owner-freebsd-questions@FreeBSD.ORG Tue Apr 8 18:48:48 2014
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
    (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by hub.freebsd.org (Postfix) with ESMTPS id B95344B6
    for ; Tue, 8 Apr 2014 18:48:48 +0000 (UTC)
Received: from mx1.enfer-du-nord.net (mx1.enfer-du-nord.net [87.98.149.189])
    (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
    (Client did not present a certificate)
    by mx1.freebsd.org (Postfix) with ESMTPS id 82FD314B3
    for ; Tue, 8 Apr 2014 18:48:48 +0000 (UTC)
Received: from sulu.fritz.box (p5DDC2FE3.dip0.t-ipconnect.de [93.220.47.227])
    by mx1.enfer-du-nord.net (Postfix) with ESMTPSA id 3g3Hgj2KxPzTHg
    for ; Tue, 8 Apr 2014 20:48:17 +0200 (CEST)
To:
From: Michael Grimm
Subject: Re: OpenSSL TLS Heartbeat Security Issue
In-Reply-To: <53443AF1.2070404@FreeBSD.org>
References: <20140408134425.Horde.azH0NUU2X8TUmV9kVtS2MA2@d2ux.org>
    <53440667.8060203@qeng-ho.org>
    <20140408172645.58B38165B369@sulu.fritz.box>
    <53443AF1.2070404@FreeBSD.org>
Date: Tue, 8 Apr 2014 20:48:16 +0200
User-Agent: slrn/pre1.0.2-8/mm/ao (Darwin)
Message-Id: <20140408184816.C64B0165B888@sulu.fritz.box>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 08 Apr 2014 18:48:48 -0000

Matthew Seaman wrote:

> You need to install the patched library and restart all the software
> that uses it for TLS, *and* *then* (depending on degree of paranoia)
> get all of your SSL certs re-issued against a different private key.
> Your CA may or may not charge you for doing that.

Thanks for clarifying.

Ok, and I did already start to renew ssh keys. That seemed to be
overkill, though ;-) Anyway, it's ok to renew those after some longer
time.

Regards,
Michael