[Dovecot] Heartbleed openssl vulnerability?
Robert Schetterer
rs at sys4.de
Wed Apr 9 17:18:45 UTC 2014
Am 09.04.2014 19:10, schrieb Reindl Harald:
>
> Am 09.04.2014 19:03, schrieb Robert Schetterer:
>> Am 09.04.2014 18:42, schrieb Charles Marcus:
>>> What are the ramifications of changing this on a production server? Any
>>> possible problems/gotchas? user impact?
>>
>> in my understanding change ssl key and crts , do all needed ssl updates
>> keep performance mode, if unsure change all passwords too
>
> passwords too, in security mode only keys would have been
> affected and since this is a attack which no single
> indication that it ever happened on a machine there
> is no likely or unlikely
there should no issue if you havent used vulnerable openssl version
i.e ubuntu lucid has 0.9.x which is not reported vulnerable
anyway ,change passwords from time to time is always clever
>
>
>
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the dovecot
mailing list