smaller reset larger        English         

Main Menu

All times are in GMT -8 (DST) :: The time is now 9:29 pm.

Sub Menu

Article Data
Article Ref
4079-DJLZ-2087
Written By
Josh Olson
Date Created
Wed, 9th Apr 2014
Updated By
Josh Olson
Date Modified
Wed, 9th Apr 2014
 
(Lost?)

   Heartbleed OpenSSL Bug

Question 

 Is CommuniGate Pro vulnerable to the OpenSSL Bug discussed here: https://www.openssl.org/news/secadv_20140407.txt

Answer 

CommuniGate Pro does not use OpenSSL (not the library itself, nor any parts of the source code) and does not support the Heartbeat extension (RFC6520). It was the improper implementation of this extension in OpenSSL that lead to the  vulnerability described in CVE-2014-0160. 

In short, the SSL/TLS implementation in CommuniGate Pro is not affected by this OpenSSL bug. 

However, if you are using certificates (wildcard certificates, certificates with alternative names) on your CommuniGate Pro server that are shared with other software (e.g. apache web servers) that might be using buggy OpenSSL versions, the private key could potentially have been leaked by that other software. In that case, it's better to consider re-generating the private key and obtaining a new certificate.

How Useful Was This Article?      (Rating: 100%    Votes: 13)  

Select a Rating

Article Comments 

There are currently no comments.