OpenSSL leaks server-Keys / The Heartbleed Bug
Jim Ohlstein
jim at ohlste.in
Fri Apr 11 16:34:51 UTC 2014
Hello,
On 4/11/14, 12:11 PM, Valentin V. Bartenev wrote:
> "Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed?"
> @ http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed
>
Thanks for the link. On a quick read it seems their conclusion is that
while it is *extremely* unlikely that your private key(s) was/were
stolen using nginx, you should still re-key and revoke. While
comforting, not really of any great practical help.
Nice that CloudFlare (and no doubt others) received significant advance
warning while the rest of us were left vulnerable. Just sayin...
--
Jim Ohlstein
"Never argue with a fool, onlookers may not be able to tell the
difference." - Mark Twain
More information about the nginx
mailing list