OpenSSL leaks server-Keys / The Heartbleed Bug

Jim Ohlstein jim at ohlste.in
Fri Apr 11 16:34:51 UTC 2014


Hello,

On 4/11/14, 12:11 PM, Valentin V. Bartenev wrote:
> "Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed?"
> @ http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed
>

Thanks for the link. On a quick read it seems their conclusion is that 
while it is *extremely* unlikely that your private key(s) was/were 
stolen using nginx, you should still re-key and revoke. While 
comforting, not really of any great practical help.

Nice that CloudFlare (and no doubt others) received significant advance 
warning while the rest of us were left vulnerable. Just sayin...

-- 
Jim Ohlstein


"Never argue with a fool, onlookers may not be able to tell the 
difference." - Mark Twain



More information about the nginx mailing list