Ask / Submit
3

Jolla sites and openssl [answered]

asked 2014-04-10 22:22:09 +0200

cy8aer gravatar image

Did the sites had issues - is there any site which had a broken openssl library? Qualys says: Not. Just asking on running my big password change action...

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by nthn
close date 2017-03-06 20:29:43.743080

1 Answer

Sort by » oldest newest most voted
11

answered 2014-04-11 01:11:08 +0200

tigeli gravatar image

Yes, some of our public services were affected by the heartbleed-bug. However:

  1. We patched our services as soon as the patches were available.
  2. Our services (which use openssl) have forward secrecy enabled (private keys are not much of use even if leaked).
  3. It's possible in theory that someone could have fetched random bits from our servers memory but so far we have not detected any anomalies in our services.
  4. To be 100% safe side you can change your password at https://account.jolla.com and also remove all tokens from https://account.jolla.com/oauth/oauth2/clients, after that you will need to re-sign to your Jolla-account on your Jolla-device.
edit flag offensive delete publish link more

Question tools

Follow
1 follower

Stats

Asked: 2014-04-10 22:22:09 +0200

Seen: 232 times

Last updated: Apr 11 '14