[stunnel-users] Bleedingheart Bug in OpenSSL

Koenraad Lelong stunnel at ace-electronics.be
Fri Apr 11 08:28:04 CEST 2014


op 10-04-14 12:58, Kevin A. McGrail schreef:
> Replacing openssl and the certs should be an effective patch. You can 
> always check by running ldd against the stunnel binary to confirm it 
> is linking to a specific SSL library.
>
> There is also some consideration that you must assume systems were 
> compromised and snooped and change all passwords as well...
> Regards,
> KAM
Hi,

I did to change passwords, but is this neccessary, since I'm using 
stunnel with certs on both sides of the tunnel ? Just to understand this 
case of openssl a bit more.

Koenraad.



More information about the stunnel-users mailing list