[TYPO3-typo3org] SSL certificate expiring in two weeks

Steffen Gebert steffen.gebert at typo3.org
Fri Apr 11 13:46:00 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Stephan,

as we are running Debian Wheezy on several servers, yes, we were
vulnerable to the Heartbleed attack.

There was the plan to publish a statement about how we were affect, I
admit that I don't know the current status, as I haven't had so much
spare time the last days.

The new certificate was installed about at the same time as the
updates were installed. However, we found a component (our Chef
server) that was still running a vulnerable version, as it brings its
own openssl library.

Therefore our team generated a new key this morning, the CSR was afaik
already sent and we will rollover to another new cert during during
the next couple of hours (and then revoke the old certificate).

Yours
Steffen

- -- 
Steffen Gebert
TYPO3 Server Administration Team Member

TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

My wish list:
https://www.amazon.de/registry/wishlist/922E3JYSQ7CV/ref=cm_wl_sb_v?sort=priority

On 11/04/14 12:43, Stephan Großberndt wrote:
> Hi,
> 
> while reading about SSL certificates...
> 
> Have any typo3.org servers been compromised by the heartbleed bug?
> 
> Regards, Stephan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTR9X3AAoJEIskG/rSlyw4mOYIAMkyp1FrddNZasA/Kjo01x9M
T80uOxObTsO8ZBXOwUYuGLo12noOoLT1FSO152DaLLRrx9uyjZ3P5yoba3jCv71A
cI/A4k3oCLVdsx+Kib3H/7bn0floE/gZjbuwvw46NOc/IrtqWRVivxDzHQaeCivi
YRldmud0Gl1ppwn0OvL9FOXt3A6oqwgvcS8xJYUhxJAdsgeOilFQR+ciigHKFcaw
cU2Rf8IbRpwthgoVV/9EAU3B028soJSBUoUT9kQ/d5N6dNxWitA7zjD1O6UIuEVJ
fXt5KFUQjzr1Rc4OS2+wb85purUVeo3l7y4MA1d3DZwfl/zqzSgqwX6/SHpBeRQ=
=DVNj
-----END PGP SIGNATURE-----


More information about the TYPO3-team-typo3org mailing list