[CAcert.org] Information about Heartbleed bug in OpenSSL 1.0.1 up to 1.0.1f
10.04.2014 - Lesezeit: 2 Minuten
Heute habe ich eine E-Mail von CAcert bekommen.
What to do?
- Ensure that you upgrade your system to a fixed OpenSSL version (1.0.1g or above).
- Only then create new keys for your certificates.
- Revoke all certificates, which may be affected.
- Check what services you have used that may have been affected within the last two years.
- Wait until you think that those environments got fixed.
- Then (and only then) change your credentials for those services. If you do it too early, i.e. before the sites got fixed, your data may be leaked, again. So be careful when you do this.
Was ist zu tun?
Tags:
SSL