You must Sign In to post a response.
  • Category: Blog and websites

    I'm using OpenSSL certificates & keys for SSL/TLS encryption. Are my sites affected by Heartbleed?

    Worried about your website being affected by Heartbleed due to using Open SSL certificates & keys? Get quick help from this Ask Expert page to know whether your website could be vulnerable to an attack by Heartbleed & how to deal with it.

    I'm using OpenSSL certificates and keys for SSL/TLS encryption in my websites. I want to know whether my websites are affected by Heartbleed? It is the internet vulnerability which had affected many websites on the internet and I also want to avoid the browsing and the use of the websites from Google which are affected by the Heartbleed. How can I find the Heartbleed affected websites without visiting them? Experts, please guide me to surf the internet safe and for a secure transaction!
  • Answers

    1 Answers found.
  • You are using OpenSSL certificates and keys for SSL/TLS encryption in your websites. You want to know whether your websites are affected by Heartbleed.Then my answer is OpenSSL vulnerability was disclosed which has been called one of the worst security holes in recent internet history. The bug, called the Heartbleed bug, was introduced in OpenSSL version 1.0.1. It has been in the wild and is patched with OpenSSL version.The bug allows any attacker to read the memory of a vulnerable host, which means that any keys that have been used on a host with a vulnerable version of OpenSSL should be considered compromised. Distributions have been updating their packages and pushing out updates, but users need to pull down the most recent packages and revoke any previous keys based on insecure versions.

    To protect do following things :-
    >> Update Your System
    >> Checking Your Version Numbers
    >> Revoking and Reissuing Your SSL Certs/Keys

    It's worth pointing out that OpenSSH is not affected by the OpenSSL bug. While OpenSSH does use openssl for some key-generation functions, it does not use the TLS protocol . So there is no need to worry about SSH being compromised, though it is still a good idea to update openssl to 1.0.1g or 1.0.2-beta2

  • Sign In to post your comments