It's best to be conservative. Rather that than having your certificates (and everything else) compromised.
Stefan On 9 April 2014 20:36, Linda Toth <ltt...@alaska.edu> wrote: > We patched our backend servers yesterday and are in the process of > replacing certificates today. > > We did not have openSSL certs for the front end in any case, but they are > being conservative so that anyone who already had exploited the > vulnerability would be cut off. > > Right on about commercial benefits from this event. > > L > > Linda Toth > University of Alaska - Office of Information Technology (OIT) - Identity > and Access Management > 910 Yukon Drive, Suite 103 > Fairbanks, Alaska 99775 > Tel: 907-450-8320 > Fax: 907-450-8381 > linda.t...@alaska.edu | www.alaska.edu/oit/ > > > > On Wed, Apr 9, 2014 at 11:26 AM, Rex Roof <r...@wccnet.edu> wrote: > >> We have patched our back end OSes against openssl and we're replacing the >> purchased certificate on the front end of our CAS service. >> this openssl vulnerability is going to be a windfall for SSL CA signers! >> >> - Rex Roof >> WCC Systems Engineer <r...@wccnet.edu> >> 734-973-3478 >> >> >> On Wed, Apr 9, 2014 at 3:12 PM, Linda Toth <ltt...@alaska.edu> wrote: >> >>> Thanks - that summarizes my understanding. >>> >>> In our case, that does apply. But I then wondered about native CAS as >>> well. >>> >>> Regards, >>> >>> Linda >>> >>> -- >>> >>> Linda Toth >>> University of Alaska - Office of Information Technology (OIT) - Identity >>> and Access Management >>> 910 Yukon Drive, Suite 103 >>> Fairbanks, Alaska 99775 >>> Tel: 907-450-8320 >>> Fax: 907-450-8381 >>> linda.t...@alaska.edu | www.alaska.edu/oit/ >>> >>> >>> >>> On Wed, Apr 9, 2014 at 11:04 AM, Carlos Fernandez <cfern...@sju.edu>wrote: >>> >>>> IIUC, it depends on the container. In the case of Tomcat, the APR-based >>>> connector uses OpenSSL. Similarly, using Apache in front of Tomcat will >>>> bring OpenSSL into the mix as well. >>>> >>>> Best regards, >>>> -- >>>> Carlos M. Fernández >>>> Sr. Enterprise Systems Admin >>>> Saint Joseph's University >>>> W: 610-660-1501 >>>> M: 215-316-1193 >>>> E: cfern...@sju.edu >>>> >>>> On Apr 9, 2014, at 14:53, Linda Toth <ltt...@alaska.edu> wrote: >>>> >>>> Hi >>>> >>>> Does any component of CAS rely on any Open SSL libraries. >>>> >>>> Linda >>>> >>>> -- >>>> Linda Toth >>>> University of Alaska - Office of Information Technology (OIT) - >>>> Identity and Access Management >>>> 910 Yukon Drive, Suite 103 >>>> Fairbanks, Alaska 99775 >>>> Tel: 907-450-8320 >>>> Fax: 907-450-8381 >>>> linda.t...@alaska.edu | www.alaska.edu/oit/ >>>> >>>> -- >>>> You are currently subscribed to cas-user@lists.jasig.org as: >>>> cfern...@sju.edu >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>>> -- >>>> You are currently subscribed to cas-user@lists.jasig.org as: >>>> ltt...@alaska.edu >>>> >>>> >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>>> >>> -- >>> You are currently subscribed to cas-user@lists.jasig.org as: r...@wccnet.edu >>> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> -- >> You are currently subscribed to cas-user@lists.jasig.org as: >> ltt...@alaska.edu >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to cas-user@lists.jasig.org as: o...@eons.net > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user