This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Timeline for patching SSL vulnerability (Heartbleed Bug)

Heatbleed Bug (CVE-2014-0160)

Hi

Is there any timeframe for patching this SSL/TLS bug for Astaro Security Gateway V8.
We are on the latest 8.311 (as V8 is an approved appliance for us and V9 is not).

Thanks

Heartbleed Bug
https://news.ycombinator.com/item?id=7548991

This thread was automatically locked due to age.

Parents

0 BAlfson over 11 years ago

My clients all have been advised to use a different port on UDP for the SSL VPN and a different port for the User Portal. Are those that have taken this advice still exposed there? I don't see any way to avoid turning off any Virtual Server definitions that use SSL.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 11 years ago

My clients all have been advised to use a different port on UDP for the SSL VPN and a different port for the User Portal. Are those that have taken this advice still exposed there? I don't see any way to avoid turning off any Virtual Server definitions that use SSL.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BrucekConvergent over 11 years ago in reply to BAlfson

I don't believe changing ports will help you. All an attacker need do is a portscan (slow one to avoid portscan detection, mind you)... that said, using an alternate port would slow them down -- the problem is many of my customers use the SSL VPN on TCP 443 because that's the best way to get through some of the hotel firewalls "out in the world."
Cancel
Vote Up 0 Vote Down

Cancel