OpenSSL Upgrades in the works for Webhosting and email?

Technical support for general webhosting clients and questions relating to their webhosting services.

Moderator: Admins

Post Reply
sbrook
newbie
Posts: 9
Joined: Thu May 10, 2007 11:45 am

OpenSSL Upgrades in the works for Webhosting and email?

Post by sbrook »

I gather that Open SSL has been patched to 1.*.* to avoid the HeartBleed vulnerability.

Do you have plans to upgrade it on your Webhosting and Mail servers soon?

Thanks.
porcupine
Site Admin
Posts: 703
Joined: Wed Jun 12, 2002 5:57 pm
Location: Toronto, Ontario
Contact:

Re: OpenSSL Upgrades in the works for Webhosting and email?

Post by porcupine »

sbrook wrote:I gather that Open SSL has been patched to 1.*.* to avoid the HeartBleed vulnerability.

Do you have plans to upgrade it on your Webhosting and Mail servers soon?

Thanks.
The reseller servers run CPanel/WHM, which means each unique server (www2 through www7) provides both http, and mail services (along with ftp, mysql, dns, etc.).

None of these servers were impacted by the Heartbleed vulnerability to start with, as they're running the previous versions of OpenSSL (as they're CentOS 5.x based, and that vulnerability was specific to 6.5). All servers have been checked (just in case), found not to be vulnerable, and it shouldn't present an issue.
Myles Loosley-Millman
Priority Colo Inc.
myles@prioritycolo.com
http://www.prioritycolo.com
sbrook
newbie
Posts: 9
Joined: Thu May 10, 2007 11:45 am

Re: OpenSSL Upgrades in the works for Webhosting and email?

Post by sbrook »

Sounds good to me. So, it was an Open SSL upgrade that went wrong ... fair enough :-)

Even though they're no longer using SSL, because they can't make the security requirements of their credit card processor in other ways, they wanted the reassurance in case they want me to implement encryption for other form data. (We're talking through that now)
porcupine
Site Admin
Posts: 703
Joined: Wed Jun 12, 2002 5:57 pm
Location: Toronto, Ontario
Contact:

Re: OpenSSL Upgrades in the works for Webhosting and email?

Post by porcupine »

sbrook wrote:Sounds good to me. So, it was an Open SSL upgrade that went wrong ... fair enough :-)

Even though they're no longer using SSL, because they can't make the security requirements of their credit card processor in other ways, they wanted the reassurance in case they want me to implement encryption for other form data. (We're talking through that now)
Actually, that's a big part of the scare/hype out there. The vulnerable version of OpenSSL has been vulnerable (in theory) for roughly 2 years, it's nothing new, just something that was newly discovered.
Myles Loosley-Millman
Priority Colo Inc.
myles@prioritycolo.com
http://www.prioritycolo.com
Post Reply