nanog mailing list archives
Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
From: Chris Adams <cma () cmadams net>
Date: Tue, 8 Apr 2014 14:15:36 -0500
Once upon a time, Frank Bulk <frnkblk () iname com> said:
If we would front our HTTPS services with a (OpenSSL vulnerable) load-balancer that does the SSL work and we just use HTTP to the service, will that mitigate information loss that's possible with this exploit? Or will the OpenSSL code on the load-balancer also store or "cache" content?
One of the biggest risks that could be exposed in this particular case is the SSL private key. If your front end is handling SSL with OpenSSL, it'll have the key, and that is vulnerable. -- Chris Adams <cma () cmadams net>
Current thread:
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed", (continued)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Me (Apr 09)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Patrick W. Gilmore (Apr 09)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Niels Bakker (Apr 09)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Me (Apr 09)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Niels Bakker (Apr 09)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Me (Apr 09)
- Re: Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Steve Clark (Apr 08)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Laszlo Hanyecz (Apr 08)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Chris Adams (Apr 08)