Aryeh Friedman wrote: > What components (if any) are vulnerable to heartbleed?
OpenStack in itself is not vulnerable to heartbleed, however OpenStack makes use of the host SSL library (libssl) and that one should be properly patched. If you have a production deployment of OpenStack, you should consider the SSL private keys for your SSL endpoints potentially compromised and revoke / renew them (primary key material). Once you've done that, you should warn your users that passwords and tokens used over that previously-flawed secure connection could have been compromised and encourage them to change their own passwords and expire existing tokens (secondary key material). Regards, -- Thierry Carrez (ttx) _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
