RE: OpenSSL Security Advisory

Wed, 09 Apr 2014 05:53:51 -0700 

Hi Ted,

> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> 
> How do I determine whether or not the web servers I run are affected?
> They are Apache 2.4, built for 64 bit Windows and downloaded from
> Apachelounge.  I have no idea what version of openssl it was built with.  Does
> anyone here know if the feature that introduces the risk can be turned off,
> without introducing other risks?  If so, how?

you can check for yourself:
- http://filippo.io/Heartbleed/
- http://possible.lv/tools/hb/
- https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl

> Also, could the security keys we bought have been compromised?

Certainly yes. You should replace them. I read today that some CAs offer free 
replacements.


HTH,
Patrick Eisenacher
:��I"Ϯ��r�m����
(����Z+�K�+����1���x��h����[�z�(����Z+���f�y�������f���h��)z{,���

Reply via email to