Page 1 of 1

heartbleed

PostPosted: Wed Apr 09, 2014 2:55 pm
by josh
the spamgourmet server was using a version of openssl with the heartbleed bug. A user reported that to me and I patched it yesterday.

Re: heartbleed

PostPosted: Wed Apr 09, 2014 3:07 pm
by josh
I should add - I updated the mail server certificate (self-signed and used for TLS), but I did *not* yet update the website certificate, since I have to get that from the CA. Looking into that.

Re: heartbleed

PostPosted: Sat Apr 12, 2014 1:03 pm
by josh
well, that took a while. The SSL certificate folks are really busy, as you might imagine. Anyway, as of now the website has a new certificate. Now's a good time to change your password.

Re: heartbleed

PostPosted: Wed Apr 16, 2014 10:10 pm
by kolobok
Hello!

Would you please confirm that they have issued the new certificate with almost the same attributes (including issue and expiry dates) except serial and thumbprints?
And the new certificate has thumbprint 0a fe 51 3e 85 fc 94 b4 ae 26 40 65 45 93 6f 4e 49 5e f9 ee ?

Re: heartbleed

PostPosted: Mon Apr 21, 2014 10:24 pm
by josh
yes - they have

Re: heartbleed

PostPosted: Fri Jun 13, 2014 3:13 pm
by lwc
What about the newly discovered bug that surpassed heartbleed?

Re: heartbleed

PostPosted: Thu Jun 19, 2014 12:21 am
by josh
That's patched too. I don't think it is as bad as heartbleed, really.