Heart bleed; OpenSSL security issue

  • Written by
    Herman Bos
  • Published on

Last night an important security vulnerability was made public with corresponding security updates. It risks exposing private keys when vulnerable.

OpenSSL was vulnerable starting from their OpenSSL 1.0.1 release on 14th of March 2012 till OpenSSL 1.0.1g released on 7th of April 2014. Two security teams independently reported this issue and it’s safe to assume others did as well. On top of that it’s not possible to trace whether you were successfully exploited.

OSSO status

  • All customer environments managed by us are fully updated by now.
  • We scanned all our prefixes and notified customers which manage their own environments.
  • Replaced all SSL keys and certificates
  • Revoked all replaced certificates.


updated on April 22th will last status and more information


Back to overview Newer post: ubuntu trusty / git diff color Older post: Internet connectivity issue. (31/3/2014)