VULNERABLE - newsblur.com:443 has the heartbeat extension enabled and is vulnerable to CVE-2014-0160

Please update openssl and regenerate a new cert.

http://heartbleed.com/

You can test yourself using this tool: https://github.com/titanous/heartbleeder

3 Likes

I’m planning to restart HAProxy in a few hours when traffic is lower. I’ve already patched OpenSSL.

So, theoretically, we should change our passwords once you’ve done that, right?

Yes. All secrets (keys / certificates) also need to be reissued.

As I understand it, there isn’t much point to changing passwords until certificates are reissued, correct?

BTW, HAProxy supports graceful restarts that don’t break connections, with the -sf command line parameter. http://www.mgoff.in/2010/04/18/haprox…

I did that but it didn’t take, so the server needs a reboot.

Ok, all set. I’ll take care of certs soon.

WOOO! Thanks! To help ease the pain I’m taking my account to the super generous premium.

Thank you!