OpenSSL heartbleed bug / Shibboleth implications
Ian Young
ian at iay.org.uk
Tue Apr 8 11:35:16 EDT 2014
On 8 Apr 2014, at 16:23, Nickles, Brent <bnick001 at umaryland.edu> wrote:
> I'm trying to wrap my head around all of this, I've seen some tools http://possible.lv/tools/hb/ to check the server itself, but this is limited to http and after patching, it does show the server is secure.
> The tool is, however, limited to testing against HTTPS (web) servers. So, even though your Web server might be OK, I'm assuming that anything that linked against OpenSSL might need to be addressed??? My concern/question is should we reinstall shib and/or metadata on SP and the IdP side to be safe?
You'd only need to reinstall things layered on top of OpenSSL if they were statically linked, which is pretty rare. So upgrading OpenSSL and then restarting all potentially affected services (or just rebooting, to be doubly sure) should be all that's required in most cases.
-- Ian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5943 bytes
Desc: not available
Url : http://shibboleth.net/pipermail/users/attachments/20140408/0a6a8c90/attachment.bin
More information about the users
mailing list