Getting a grasp on Heartbleed and IDPs
Cantor, Scott
cantor.2 at osu.edu
Fri Apr 11 11:47:25 EDT 2014
On 4/11/14, 11:30 AM, "Dave Perry" <Dave.Perry at hull-college.ac.uk> wrote:
>The 2 SPs are configured to talk to our IdP - which is under tomcat which
>is behind Apache with OpenSSL 0.9.8something.
>They've never touched any other IdP in their existence.
There's also metadata fetches. I haven't come up with anything else the SP
contacts, unless you do unusual things with it (fetching remote CRLs or
config files), but I haven't really crawled every line of code.
Since some people do firewall off their SP servers, I think it's likely
that I'm not overlooking anything outbound.
-- Scott
More information about the users
mailing list