Page 1 of 1
heartbleed
Posted:
Wed Apr 09, 2014 2:55 pm
by josh
the spamgourmet server was using a version of openssl with the heartbleed bug. A user reported that to me and I patched it yesterday.
Re: heartbleed
Posted:
Wed Apr 09, 2014 3:07 pm
by josh
I should add - I updated the mail server certificate (self-signed and used for TLS), but I did *not* yet update the website certificate, since I have to get that from the CA. Looking into that.
Re: heartbleed
Posted:
Sat Apr 12, 2014 1:03 pm
by josh
well, that took a while. The SSL certificate folks are really busy, as you might imagine. Anyway, as of now the website has a new certificate. Now's a good time to change your password.
Re: heartbleed
Posted:
Wed Apr 16, 2014 10:10 pm
by kolobok
Hello!
Would you please confirm that they have issued the new certificate with almost the same attributes (including issue and expiry dates) except serial and thumbprints?
And the new certificate has thumbprint 0a fe 51 3e 85 fc 94 b4 ae 26 40 65 45 93 6f 4e 49 5e f9 ee ?
Re: heartbleed
Posted:
Mon Apr 21, 2014 10:24 pm
by josh
yes - they have
Re: heartbleed
Posted:
Fri Jun 13, 2014 3:13 pm
by lwc
What about the newly discovered bug that surpassed heartbleed?
Re: heartbleed
Posted:
Thu Jun 19, 2014 12:21 am
by josh
That's patched too. I don't think it is as bad as heartbleed, really.