OpenSSL leaks server-Keys / The Heartbleed Bug
Philipp
e1c1bac6253dc54a1e89ddc046585792 at posteo.net
Fri Apr 11 16:40:07 UTC 2014
Am 11.04.2014 18:34 schrieb Jim Ohlstein:
> Thanks for the link. On a quick read it seems their conclusion is
> that while it is *extremely* unlikely that your private key(s)
> was/were stolen using nginx, you should still re-key and revoke. While
> comforting, not really of any great practical help.
Adding info from
http://arstechnica.com/security/2014/04/heartbleed-vulnerability-may-have-been-exploited-months-before-patch/
it looks like for tests so far only freebsd/apache2 is a combo where
private key data could leak.
> Nice that CloudFlare (and no doubt others) received significant
> advance warning while the rest of us were left vulnerable. Just
> sayin...
Really.. those with deep pockets get warning "in advance". Blah.
More information about the nginx
mailing list