We patched our backend servers yesterday and are in the process of replacing certificates today.
We did not have openSSL certs for the front end in any case, but they are being conservative so that anyone who already had exploited the vulnerability would be cut off. Right on about commercial benefits from this event. L Linda Toth University of Alaska - Office of Information Technology (OIT) - Identity and Access Management 910 Yukon Drive, Suite 103 Fairbanks, Alaska 99775 Tel: 907-450-8320 Fax: 907-450-8381 [email protected] | www.alaska.edu/oit/ On Wed, Apr 9, 2014 at 11:26 AM, Rex Roof <[email protected]> wrote: > We have patched our back end OSes against openssl and we're replacing the > purchased certificate on the front end of our CAS service. > this openssl vulnerability is going to be a windfall for SSL CA signers! > > - Rex Roof > WCC Systems Engineer <[email protected]> > 734-973-3478 > > > On Wed, Apr 9, 2014 at 3:12 PM, Linda Toth <[email protected]> wrote: > >> Thanks - that summarizes my understanding. >> >> In our case, that does apply. But I then wondered about native CAS as >> well. >> >> Regards, >> >> Linda >> >> -- >> >> Linda Toth >> University of Alaska - Office of Information Technology (OIT) - Identity >> and Access Management >> 910 Yukon Drive, Suite 103 >> Fairbanks, Alaska 99775 >> Tel: 907-450-8320 >> Fax: 907-450-8381 >> [email protected] | www.alaska.edu/oit/ >> >> >> >> On Wed, Apr 9, 2014 at 11:04 AM, Carlos Fernandez <[email protected]>wrote: >> >>> IIUC, it depends on the container. In the case of Tomcat, the APR-based >>> connector uses OpenSSL. Similarly, using Apache in front of Tomcat will >>> bring OpenSSL into the mix as well. >>> >>> Best regards, >>> -- >>> Carlos M. Fernández >>> Sr. Enterprise Systems Admin >>> Saint Joseph's University >>> W: 610-660-1501 >>> M: 215-316-1193 >>> E: [email protected] >>> >>> On Apr 9, 2014, at 14:53, Linda Toth <[email protected]> wrote: >>> >>> Hi >>> >>> Does any component of CAS rely on any Open SSL libraries. >>> >>> Linda >>> >>> -- >>> Linda Toth >>> University of Alaska - Office of Information Technology (OIT) - Identity >>> and Access Management >>> 910 Yukon Drive, Suite 103 >>> Fairbanks, Alaska 99775 >>> Tel: 907-450-8320 >>> Fax: 907-450-8381 >>> [email protected] | www.alaska.edu/oit/ >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> >>> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> -- >> You are currently subscribed to [email protected] as: [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
