- Article Ref: 4079-DJLZ-2087
- Written By: Josh Olson
- Date Created: Wed, 9th Apr 2014
- Updated By: Josh Olson
- Date Modified: Wed, 9th Apr 2014
Heartbleed OpenSSL Bug
Question
Is CommuniGate Pro vulnerable to the OpenSSL Bug discussed here: https://www.openssl.org/news/secadv_20140407.txt
Answer
CommuniGate Pro does not use OpenSSL (neither the library itself nor any part of its source code) and does not support the Heartbeat extension (RFC 6520). It was the improper implementation of this extension in OpenSSL that led to the vulnerability described in CVE-2014-0160.
In short, the SSL/TLS implementation in CommuniGate Pro is not affected by this OpenSSL bug.
However, if you are using certificates (wildcard certificates, certificates with alternative names) on your CommuniGate Pro server that are shared with other software (e.g. Apache web servers) that might be using buggy OpenSSL versions, the private key could potentially have been leaked by that other software. In that case, it's better to consider re-generating the private key and obtaining a new certificate.
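To see which of your own TLS endpoints (including other software sharing the certificate) negotiate the Heartbeat extension from RFC 6520, the following added example, which is not CommuniGate Pro or OpenSSL code, parses a ServerHello record and reports the advertised heartbeat mode. It assumes the record was captured in reply to a ClientHello that offered the extension; `sample_server_hello` is a hypothetical helper that builds constructed test records, not real captures.

```python
import struct
from typing import Optional

HEARTBEAT_EXT = 15  # TLS extension type assigned to heartbeat by RFC 6520
MODES = {1: "peer_allowed_to_send", 2: "peer_not_allowed_to_send"}


def heartbeat_mode(record: bytes) -> Optional[str]:
    """Return the heartbeat mode in a ServerHello record, or None if absent."""
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(record):
            raise ValueError("truncated ServerHello")
        pos += n
        return record[pos - n:pos]

    ctype, _ver, _rlen = struct.unpack("!BHH", take(5))   # TLS record header
    if ctype != 22 or take(1)[0] != 2:
        raise ValueError("not a ServerHello handshake record")
    body_end = int.from_bytes(take(3), "big") + pos       # end of handshake body
    take(2 + 32)                                          # server_version, random
    take(take(1)[0])                                      # session_id
    take(2 + 1)                                           # cipher_suite, compression
    if pos >= body_end:
        return None                                       # no extensions block
    ext_end = struct.unpack("!H", take(2))[0] + pos
    while pos < ext_end:
        ext_type, ext_len = struct.unpack("!HH", take(4))
        data = take(ext_len)
        if ext_type == HEARTBEAT_EXT:
            if len(data) != 1:
                raise ValueError("malformed heartbeat extension")
            return MODES.get(data[0], "unknown(%d)" % data[0])
    return None


def sample_server_hello(extensions: bytes) -> bytes:
    """Build a constructed TLS 1.2 ServerHello record (sample data only)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    print(heartbeat_mode(sample_server_hello(b"\x00\x0f\x00\x01\x01")))
```

A non-`None` result shows only that the endpoint supports heartbeat, not that its implementation is vulnerable; patched OpenSSL builds can still advertise the extension.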