OpenSSL TLS Heartbeat Security Issue
dnewman at networktest.com
Wed Apr 9 16:24:15 UTC 2014
On 4/8/14, 11:48 AM, Michael Grimm wrote:
> Matthew Seaman wrote:
>> You need to install the patched library and restart all the software
>> that uses it for TLS, *and* *then* (depending on degree of paranoia)
>> get all of your SSL certs re-issued against a different private key.
>> Your CA may or may not charge you for doing that.
> Thanks for clarifying. Ok, and I did already start to renew ssh keys.
> That seemed to be overkill, though ;-) Anyway, it's ok to renew those
> after some longer time.
You meant SSL keys, yes? These should definitely be updated after
patching to fix the Heartbleed vulnerability.
This vulnerability has existed for a couple of years, and it doesn't
leave log entries or other artifacts. If you're concerned about
passwords that were protected with SSL, it's time to change those too.
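
Added example (not part of the original post): a shell check that a re-issued certificate really carries a different public key from the one it replaces, since re-issuing from the old CSR keeps the old key pair. It assumes the `openssl` command-line tool is installed; the function names and the two file arguments are hypothetical.

```shell
#!/bin/sh
# Added example: confirm a re-issued certificate is bound to a NEW key pair.
# Usage: sh rekey_check.sh old-cert.pem new-cert.pem   (file names are the caller's)

# Print the SHA-256 digest of a certificate's public key (DER SubjectPublicKeyInfo).
# Returns 2 if the file is missing or is not a parseable certificate, so that a
# failed read is never hashed as if it were an empty key.
spki_sha256() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pub" ] || return 2
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 \
        | awk '{print $NF}'
}

# Exit status: 0 = different public keys (re-keyed),
#              1 = same public key (old private key still in use),
#              2 = one of the certificates could not be read.
cert_rekeyed() {
    old_fp=$(spki_sha256 "$1") || return 2
    new_fp=$(spki_sha256 "$2") || return 2
    [ "$old_fp" != "$new_fp" ]
}

# Command-line entry point; skipped when the file is sourced without arguments.
if [ "$#" -eq 2 ]; then
    rc=0
    cert_rekeyed "$1" "$2" || rc=$?
    case $rc in
        0) echo "re-keyed: new certificate has a different public key" ;;
        1) echo "KEY REUSED: new certificate still uses the old key pair" ;;
        *) echo "error: could not read one of the certificates" >&2 ;;
    esac
fi
```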