Date:      Tue, 08 Apr 2014 21:29:21 -0700
From:      David Newman <dnewman@networktest.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: OpenSSL TLS Heartbeat Security Issue
Message-ID:  <5344CCA1.7090303@networktest.com>
In-Reply-To: <20140408184816.C64B0165B888@sulu.fritz.box>
References:  <20140408134425.Horde.azH0NUU2X8TUmV9kVtS2MA2@d2ux.org> <53440667.8060203@qeng-ho.org> <20140408172645.58B38165B369@sulu.fritz.box> <53443AF1.2070404@FreeBSD.org> <20140408184816.C64B0165B888@sulu.fritz.box>

On 4/8/14, 11:48 AM, Michael Grimm wrote:
> Matthew Seaman wrote:
> 
>> You need to install the patched library and restart all the software
>> that uses it for TLS, *and* *then* (depending on degree of paranoia)
>> get all of your SSL certs re-issued against a different private key.
>> Your CA may or may not charge you for doing that.
> 
> Thanks for clarifying. Ok, and I did already start to renew ssh keys.
> That seemed to be overkill, though ;-) Anyway, it's ok to renew those
> after some longer time.

You meant SSL keys, yes? These should definitely be updated after
patching to fix the Heartbleed vulnerability.

This vulnerability has existed for a couple of years, and it doesn't
leave log entries or other artifacts. If you're concerned about
passwords that were protected with SSL, it's time to change those too.

dn
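
Added example, not part of the original thread: a way to confirm that a re-issued certificate was generated against a different private key, as the quoted advice requires, rather than renewed with the old one. The function names, file names and the throwaway self-signed certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a re-issued certificate really uses a new key pair.

# Print the SHA-256 digest of the public key inside a PEM certificate.
cert_pubkey_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit status: 0 = re-keyed (public keys differ), 1 = old key reused,
# 2 = one of the certificates could not be read.
cert_was_rekeyed() {
    old=$(cert_pubkey_digest "$1") || return 2
    new=$(cert_pubkey_digest "$2") || return 2
    [ "$old" != "$new" ]
}

# Constructed sample input: self-sign a throwaway certificate for the key
# file in $1, generating that key first if it does not exist yet.
make_sample_cert() {
    [ -f "$1" ] || openssl ecparam -genkey -name prime256v1 -noout -out "$1" 2>/dev/null
    openssl req -new -x509 -key "$1" -subj "/CN=example.test" -days 1 -out "$2" 2>/dev/null
}

# Build one old certificate and two replacements, then report on each.
demo() {
    d=$(mktemp -d) || return 1
    make_sample_cert "$d/old.key" "$d/old.crt"
    make_sample_cert "$d/old.key" "$d/renewed.crt"   # re-issued, same key
    make_sample_cert "$d/new.key" "$d/rekeyed.crt"   # re-issued, new key
    for c in renewed rekeyed; do
        if cert_was_rekeyed "$d/old.crt" "$d/$c.crt"; then
            echo "$c.crt: new key"
        else
            echo "$c.crt: SAME key as old.crt"
        fi
    done
    rm -rf "$d"
}

demo
```

On a real host, pass the saved pre-patch certificate and the newly issued one to `cert_was_rekeyed`; a status of 1 means the replacement still carries the key that was in use before patching.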



