VULNERABLE - has the heartbeat extension enabled and is vulnerable to CVE-2014-0160

Please update openssl and regenerate a new cert.

You can test yourself using this tool:


I’m planning to restart HAProxy in a few hours when traffic is lower. I’ve already patched OpenSSL.

So, theoretically, we should change our passwords once you’ve done that, right?

Yes. All secrets (keys / certificates) also need to be reissued.

As I understand it, there isn’t much point to changing passwords until certificates are reissued, correct?

BTW, HAProxy supports graceful restarts that don’t break connections, with the -sf command line parameter.…

I did that but it didn’t take, so the server needs a reboot.

Ok, all set. I’ll take care of certs soon.

WOOO! Thanks! To help ease the pain I’m taking my account to the super generous premium.

Thank you!