- Posted on
April 9, 2014, 8:26 am
The openssl heartbleed bug is server-side and enables an attacker to
read memory that potentially contains the secret key associated with the
X.509 certificate the server presents.
It doesn't affect stunnel directly but you should consider the service
you're connecting to as potentially compromised. You can check to see
if they've recently issued a new certificate like this:
Download the server-side certificate:
    openssl s_client -connect <host>:<port> -showcerts
Check the validity dates:
    openssl x509 -noout -in <certfile> -dates
This doesn't prove they have fixed the problem but, if the cert is older
than 7th April, it's probable that they have not. It's not bombproof
though as other systems besides openssl might be used for the TLS
transaction so their private keys have never been vulnerable.
Key fingerprint = 1CD9 95E1 E9CE 80D6 C885 B7EB B471 80D5 2287 61E7
sub 4096R/4ABF07E3 2012-02-11 [expires: 2013-02-10]
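
The two steps in the post above, combined into one script. This is an added example and not part of the original post: the function names, the host and port arguments and the -servername option are assumptions, and the cutoff is the 7th April date the post uses.

```sh
#!/bin/sh
# Added example, not from the original post.
# Usage (needs network access and the openssl CLI): sh certdate.sh HOST PORT

CUTOFF=20140407   # 7 April 2014, the date named in the post

# Turn an "openssl x509 -dates" line such as
#   notBefore=Apr  8 12:00:00 2014 GMT
# into YYYYMMDD so that dates compare as plain integers.
not_before_ymd() {
    line=${1#notBefore=}
    # Unquoted on purpose: split into month, day, time, year, timezone.
    set -- $line
    [ $# -ge 4 ] || return 1
    case $1 in
        Jan) m=01 ;; Feb) m=02 ;; Mar) m=03 ;; Apr) m=04 ;;
        May) m=05 ;; Jun) m=06 ;; Jul) m=07 ;; Aug) m=08 ;;
        Sep) m=09 ;; Oct) m=10 ;; Nov) m=11 ;; Dec) m=12 ;;
        *) return 1 ;;
    esac
    d=${2#0}      # avoid printf reading a zero-padded day as octal
    printf '%04d%s%02d\n' "$4" "$m" "$d"
}

# Classify one notBefore line against the cutoff.
# Exit status: 0 = issued on or after the cutoff, 1 = older, 2 = unparseable.
classify_cert() {
    ymd=$(not_before_ymd "$1") || { echo "unparseable"; return 2; }
    if [ "$ymd" -lt "$CUTOFF" ]; then
        echo "issued-before-cutoff"      # probably not reissued yet
        return 1
    fi
    echo "issued-on-or-after-cutoff"     # reissued, which is not proof of a fix
}

# Fetch the certificate the server presents and classify its start date.
check_host() {
    nb=$(openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
         openssl x509 -noout -startdate) || { echo "no-certificate"; return 2; }
    classify_cert "$nb"
}

if [ $# -eq 2 ]; then
    check_host "$1" "$2"
fi
```

As the post says, a recent start date only shows that a certificate was issued after that date, and an older one is not conclusive either if the service never used openssl for TLS.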