From: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
---|---|
To: | "Steve Crawford *EXTERN*" <scrawford(at)pinpointresearch(dot)com>, "Gabriel E(dot) Sánchez Martínez" <gabrielesanchez(at)gmail(dot)com>, Postgres General <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: openssl heartbleed |
Date: | 2014-04-10 08:01:00 |
Message-ID: | A737B7A37273E048B164557ADEF4A58B17CEF450@ntex2010i.host.magwien.gv.at |
Lists: | pgsql-general |

Steve Crawford wrote:
> On 04/09/2014 08:54 AM, "Gabriel E. Sánchez Martínez" wrote:
>> Hi all,
>>
>> Our server is running Ubuntu Server 13.10 (we will soon upgrade to
>> 14.04) and PostgreSQL 9.1. We use certificates for all client
>> authentication on remote connections. The server certificate is
>> self-signed. In light of the heartbleed bug, should we create a new
>> server certificate and replace all client certificates? My guess is yes.
[...]
> If you aren't and weren't running a vulnerable version or if the
> vulnerable systems were entirely within a trusted network space with no
> direct external access then you are probably at low to no risk and need
> to evaluate the cost of updates against the low level of risk.

If you are in a totally trusted environment, why would you use SSL?

Yours,
Laurenz Albe