perfsonar-user - [perfsonar-user] OpenSSL update for PS nodes
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Mark Tinberg <>
- To:
- Subject: [perfsonar-user] OpenSSL update for PS nodes
- Date: Tue, 08 Apr 2014 11:28:40 -0500
Any recently updated perfSONAR 3.3 node is likely vulnerable to a recently
discovered issue in OpenSSL 1.0.1 which discloses the private key, hosts
which have the issue will need to have a new private key generated and signed
after replacing the SSL library. Data which was transmitted over SSL from
the time OpenSSL 1.0.1 was installed (which was available 2013-12-03) such as
passwords which could have been intercepted may be decrypted after the fact
using the private key (unless the SSLCipherSuite has been modified to only
allow ciphers which have Forward Secrecy).
http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
further information
http://heartbleed.com/
—
Mark Tinberg, System Administrator
Division of Information Technology - Network Services
University of Wisconsin - Madison
- [perfsonar-user] OpenSSL update for PS nodes, Mark Tinberg, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jason Zurawski, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jim Warner, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jason Zurawski, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jim Warner, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jason Zurawski, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jim Warner, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jason Zurawski, 04/08/2014
Archive powered by MHonArc 2.6.16.