[RndTbl] OpenSSL: patch it now!

Adam Thompson athompso at athompso.net
Thu Apr 10 18:28:08 CDT 2014

Most SSL certificate providers are allowing their customers to revoke &  reissue certificates at no charge as long as none of the details (including verification method) change.

On April 10, 2014 6:04:18 PM CDT, Trevor Cordes <trevor at tecnopolis.ca> wrote:
>Most people have probably heard about this already, but if not, *patch 
>your OpenSSL now!* and restart your daemons.
>For some reason you (sometimes) have to reload that page a few times 
>before it actually loads.
>This is the worst bug I've seen in like 10 years, insofar as you may
>been compromised already, but you don't (can't!) know it and they may
>sitting there with your keys, waiting to actually make use of them at a
>later date.
>From how I read it, the only way to be safe & sure is to make a new CSR
>and buy a new SSL cert?  Or are the cert vendors going to offer a
>for free?
>Roundtable mailing list
>Roundtable at muug.mb.ca

Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.muug.mb.ca/pipermail/roundtable/attachments/20140410/7092f758/attachment.html>

More information about the Roundtable mailing list