[Dovecot] Heartbleed openssl vulnerability?

Jakob Curdes jc at info-systems.de
Tue Apr 8 19:44:50 UTC 2014


> Be aware that your private key might already have leaked without any 
> notice. So your best bet is to withdraw your certificates and renew 
> all keys/certificates on the affected machines.
Yes, I suppose by now everybody has read the general hints on 
heartbleed.com ; it might even be that previous traffic can be 
decrypted. You need to change private keys, certificates, etc, all that 
is used by openssl to identify the communication partner.

JC


More information about the dovecot mailing list