OpenSSL leaks server-Keys / The Heartbleed Bug

Philipp e1c1bac6253dc54a1e89ddc046585792 at posteo.net
Fri Apr 11 16:40:07 UTC 2014


On 11.04.2014 18:34, Jim Ohlstein wrote:
> Thanks for the link. On a quick read it seems their conclusion is
> that while it is *extremely* unlikely that your private key(s)
> was/were stolen using nginx, you should still re-key and revoke. While
> comforting, not really of any great practical help.

Adding info from
http://arstechnica.com/security/2014/04/heartbleed-vulnerability-may-have-been-exploited-months-before-patch/
it looks like, in tests so far, only FreeBSD/apache2 is a combo where
private key data could leak.

> Nice that CloudFlare (and no doubt others) received significant
> advance warning while the rest of us were left vulnerable. Just
> sayin...

Really.. those with deep pockets get warning "in advance". Blah.


