[nsd-users] [Unbound-users] OpenSSL heartbleed bug
Phil Pennock
unbound-users+phil at spodhuis.org
Fri Apr 11 16:10:08 UTC 2014
On 2014-04-11 at 16:30 +0200, W.C.A. Wijngaards wrote:
> Unbound's ssl-upstream, ssl-service and unbound-anchor are options and
> tools that create TLS connections. This is vulnerable to heartbleed.

For clarity to those asking (since Wouter knows this but it wasn't
clear): if you're changing keys/certs in response to Heartbleed (as I
am) then it's because arbitrary server memory can be read.

So if you have ssl-service-key set then you're vulnerable, but you need
to then change _all_ keys and certs used by Unbound, including for those
services which are not part of the attack vector, not _just_
ssl-service-key.

-Phil
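
An added example, not part of the original post or of Unbound itself: a small scan of an unbound.conf that applies the rule above, i.e. when ssl-service-key is set, every configured key/cert file goes on the rotation list, not only ssl-service-key. The option set in KEY_OPTIONS, the function names and the sample configuration (with its /example/ paths) are assumptions constructed for illustration.

```python
import re

# Assumption: options that point at TLS key/cert files in unbound.conf.
# ssl-service-key is the one named in the post; the rest are Unbound's
# ssl-service-pem and its remote-control key/cert options. Extend as needed.
KEY_OPTIONS = {
    "ssl-service-key", "ssl-service-pem",
    "server-key-file", "server-cert-file",
    "control-key-file", "control-cert-file",
}
# name: value, with optional quotes around the value and an optional comment
LINE_RE = re.compile(r'^\s*([a-z0-9-]+)\s*:\s*"?([^"#]*?)"?\s*(?:#.*)?$')

def parse_options(conf_text):
    """Return [(option, value)] for each active 'name: value' line."""
    found = []
    for line in conf_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2):          # skips 'server:' style clause headers
            found.append((m.group(1), m.group(2)))
    return found

def rotation_plan(conf_text):
    """(exposed, files): exposed if ssl-service-key is set; if so, list
    every configured key/cert file, whichever service it belongs to."""
    opts = parse_options(conf_text)
    exposed = any(name == "ssl-service-key" for name, _ in opts)
    files = [(n, v) for n, v in opts if n in KEY_OPTIONS]
    return exposed, (files if exposed else [])

# Constructed sample configuration (paths are placeholders).
SAMPLE_CONF = """\
server:
    ssl-service-key: "/example/tls/service.key"
    ssl-service-pem: "/example/tls/service.pem"
    ssl-port: 443
remote-control:
    control-enable: yes
    server-key-file: /example/control/server.key  # unquoted value
    # control-key-file: "/example/control/old.key"
"""

if __name__ == "__main__":
    exposed, files = rotation_plan(SAMPLE_CONF)
    print("TLS service key configured:", exposed)
    for name, path in files:
        print("rotate  %-18s %s" % (name, path))
```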