Hi Ted, > -----Original Message----- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > > How do I determine whether or not the web servers I run are affected? > They are Apache 2.4, built for 64 bit Windows and downloaded from > Apachelounge. I have no idea what version of openssl it was built with. Does > anyone here know if the feature that introduces the risk can be turned off, > without introducing other risks? If so, how?
you can check for yourself: - http://filippo.io/Heartbleed/ - http://possible.lv/tools/hb/ - https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl > Also, could the security keys we bought have been compromised? Certainly yes. You should replace them. I read today that some CAs offer free replacements. HTH, Patrick Eisenacher :��I"Ϯ��r�m���� (����Z+�K�+����1���x��h����[�z�(����Z+���f�y�������f���h��)z{,���