Getting a grasp on Heartbleed and IDPs
kwessel at illinois.edu
Thu Apr 10 11:53:44 EDT 2014
We've already taken actions on our IDP, but I'm trying to get a full understand of the potential impact while we were vulnerable.
If the IDP's private key was exposed (through connections to Apache connections to 8443), what could a hacker do with it? Could they intercept assertaions from our IDP and decrypt them? In short, what is the IDP key and cert used for?
My apologies if I missed this already discussed on the list. I tried to catch up on things, but I might have overlooked this answer.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users