You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@trafficserver.apache.org by Igor Galić <ig...@apache.org> on 2014/04/09 19:02:13 UTC

[NOTICE]: SSL Heartbeat Bug

Hi folks,

I'm pretty sure most of you have heard, or read by now,
but I'd still like to put it out there for completeness.

There's a newly discovered OpenSSL Bug. It affects new
versions of OpenSSL 1.0.1 through 1.0.1f, which implement
the heartbeat extension. The bug has been nick-named
heart-bleed, and there's a complete write-up here:

     http://heartbleed.com/

If you are using Traffic Server as SSL end-point *or*
as client with these vulnerable versions of OpenSSL, we
highly urge you to upgrade your OpenSSL library[1]. If you
are using it as SSL end-point, we additionally advise
you to roll out new private keys and re-issue certificates.

Thank you very much, and stay safe,

-- The Apache Traffic Server Team.


[1]: This has hopefully been handled by your OS vendor already