OpenSSL TLS Heartbeat Security Issue

Matthew Seaman matthew at
Tue Apr 8 18:07:55 UTC 2014

On 08/04/2014 18:26, Michael Grimm wrote:
> Does one need to recompile all ports that depend on that openssl port?
> Or, would it be sufficient to restart all relevant server processes
> after upgrading to 1.0.1_10?

You need to install the patched library and restart all the software
that uses it for TLS, *and* *then* (depending on degree of paranoia) get
all of your SSL certs re-issued against a different private key.  Your
CA may or may not charge you for doing that.

In principle you could have a statically linked copy of nginx or slapd
or whatever that would need recompiling, but in practice that would be a
pretty bizarre thing to have on a normal server or desktop machine.



Dr Matthew J Seaman MA, D.Phil.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1036 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the freebsd-questions mailing list