Chris,
On 9.4.2014 14:53, Christopher Schultz wrote:
> My recommendation would be to treat everything OpenSSL touches as
> tainted and re-key anyway.
[I will assume we are talking about OpenSSH implementation.]
That depends on the definition of "what OpenSSL touches". OpenSSL
consists of two libraries: libcrypto and libtls. The OpenSSH implementation
depends on the OpenSSL package, but only to utilize primitive crypto
functions from the libcrypto library. The libtls library contains the
implementation of the TLS protocol, including Heartbeat functionality, but
OpenSSH does not utilize that library, AFAIK. Therefore, I stand by my
earlier position -- no need to rekey SSH keys.
-Ognjen