We have moved to a new Sailfish OS Forum. Please start new discussions there.

Jolla sites and openssl [answered]

asked 2014-04-10 22:22:09 +0300

cy8aer
9385 ●205 ●263 ●262

Did the sites had issues - is there any site which had a broken openssl library? Qualys says: Not. Just asking on running my big password change action...

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by nthn
close date 2017-03-06 20:29:43.743080

1 Answer

Sort by » oldest newest most voted

answered 2014-04-11 01:11:08 +0300

tigeli

9543 ●111 ●112 ●130

admin

Yes, some of our public services were affected by the heartbleed-bug. However:

We patched our services as soon as the patches were available.
Our services (which use openssl) have forward secrecy enabled (private keys are not much of use even if leaked).
It's possible in theory that someone could have fetched random bits from our servers memory but so far we have not detected any anomalies in our services.
To be 100% safe side you can change your password at https://account.jolla.com and also remove all tokens from https://account.jolla.com/oauth/oauth2/clients, after that you will need to re-sign to your Jolla-account on your Jolla-device.

edit flag offensive delete publish link

Question tools

1 follower

Stats

Asked: 2014-04-10 22:22:09 +0300

Seen: 285 times

Last updated: Apr 11 '14

Jolla sites and openssl [answered]

The question has been closed for the following reason "the question is answered, an answer was accepted" by nthn close date 2017-03-06 20:29:43.743080

1 Answer

Question tools

Public thread

Stats

Related questions

The question has been closed for the following reason "the question is answered, an answer was accepted" by nthn
close date 2017-03-06 20:29:43.743080