Turris

Information on Heartbleed bug

As we reported last week, a critical vulnerability 'heartbleed' was found in the OpenSSL library. We have addressed the problem on both our servers and on the client routers.

An updated version of OpenSSL was depoyed on our servers on Apr 8th, 2014. In the following days, SSL certificates for our servers were revoked and replaced with new ones. Due to overload on our certification authority's servers, the last certificate was updated on Sat Apr 12th, 2014.

Routers were updated to the new OpenSSL version on Fri Apr 11th, 2014 together with an update of server certificates. It is important that during the whole time, automated updates were safe due to digitally signed packages being used, which are signed on a machine independent of the rest of the deployment infrastructure.

At present, the whole system is updated and safe against Heartbleed.

Return to news…