If the client uses the native SSL implementation, Windows will not be a problem as that implementation does not have this issue.
-----Original Message----- From: boinc_dev [mailto:[email protected]] On Behalf Of Oliver Bock Sent: Tuesday, April 15, 2014 8:21 AM To: TarotApprentice Cc: [email protected] Subject: Re: [boinc_dev] Heartbleed bug with OpenSSL On 15/04/14 13:56 , TarotApprentice wrote: > Apart from all the hype I presume BOINC will need to come bundled > with a patched OpenSSL and the projects need to update to a later > version incorporating a patched OpenSSL. Any advice from the BOINC > developers? Charlie already updated OpenSSL bundled with the OSX client. Updates for the Windows and Linux clients should hopefully be in the pipeline (if affected). Projects need to check which OpenSSL version is installed on their servers. Many, like Einstein@Home, should still be running 0.98 which isn't affected. If you run any of the affected versions, update/upgrade to 1.0.1g or equivalent (Debian for instance ships a patched version of 1.0.1f for wheezy). If you used an affected version you should get a new SSL certificate (key) as you should consider it as being compromised. Unfortunately, that means all previous encrypted data transfers should also be considered compromised which in turn means your volunteers should be notified to change their passwords, obviously after you renewed your certificate keys. HTH, Oliver _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
