perfsonar-user - Re: [perfsonar-user] OpenSSL update for PS nodes
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Jason Zurawski <>
- To: Mark Tinberg <>
- Cc:
- Subject: Re: [perfsonar-user] OpenSSL update for PS nodes
- Date: Tue, 8 Apr 2014 09:31:16 -0700
Thank you for the post Mark, you beat my own authorship of a note by about 5
minutes. We will be passing along information from the upstream vendor
shortly.
Thanks;
-jason
On Apr 8, 2014, at 9:28 AM, Mark Tinberg
<>
wrote:
> Any recently updated perfSONAR 3.3 node is likely vulnerable to a recently
> discovered issue in OpenSSL 1.0.1 which discloses the private key, hosts
> which have the issue will need to have a new private key generated and
> signed after replacing the SSL library. Data which was transmitted over
> SSL from the time OpenSSL 1.0.1 was installed (which was available
> 2013-12-03) such as passwords which could have been intercepted may be
> decrypted after the fact using the private key (unless the SSLCipherSuite
> has been modified to only allow ciphers which have Forward Secrecy).
>
> http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
>
> further information
>
> http://heartbleed.com/
>
> —
> Mark Tinberg, System Administrator
> Division of Information Technology - Network Services
> University of Wisconsin - Madison
>
- [perfsonar-user] OpenSSL update for PS nodes, Mark Tinberg, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jason Zurawski, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jim Warner, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jason Zurawski, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jim Warner, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jason Zurawski, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jim Warner, 04/08/2014
- Re: [perfsonar-user] OpenSSL update for PS nodes, Jason Zurawski, 04/08/2014
Archive powered by MHonArc 2.6.16.