It's best to be conservative. Rather that than having your certificates (and everything else) compromised.
Stefan On 9 April 2014 20:36, Linda Toth <[email protected]> wrote: > We patched our backend servers yesterday and are in the process of > replacing certificates today. > > We did not have openSSL certs for the front end in any case, but they are > being conservative so that anyone who already had exploited the > vulnerability would be cut off. > > Right on about commercial benefits from this event. > > L > > Linda Toth > University of Alaska - Office of Information Technology (OIT) - Identity > and Access Management > 910 Yukon Drive, Suite 103 > Fairbanks, Alaska 99775 > Tel: 907-450-8320 > Fax: 907-450-8381 > [email protected] | www.alaska.edu/oit/ > > > > On Wed, Apr 9, 2014 at 11:26 AM, Rex Roof <[email protected]> wrote: > >> We have patched our back end OSes against openssl and we're replacing the >> purchased certificate on the front end of our CAS service. >> this openssl vulnerability is going to be a windfall for SSL CA signers! >> >> - Rex Roof >> WCC Systems Engineer <[email protected]> >> 734-973-3478 >> >> >> On Wed, Apr 9, 2014 at 3:12 PM, Linda Toth <[email protected]> wrote: >> >>> Thanks - that summarizes my understanding. >>> >>> In our case, that does apply. But I then wondered about native CAS as >>> well. >>> >>> Regards, >>> >>> Linda >>> >>> -- >>> >>> Linda Toth >>> University of Alaska - Office of Information Technology (OIT) - Identity >>> and Access Management >>> 910 Yukon Drive, Suite 103 >>> Fairbanks, Alaska 99775 >>> Tel: 907-450-8320 >>> Fax: 907-450-8381 >>> [email protected] | www.alaska.edu/oit/ >>> >>> >>> >>> On Wed, Apr 9, 2014 at 11:04 AM, Carlos Fernandez <[email protected]>wrote: >>> >>>> IIUC, it depends on the container. In the case of Tomcat, the APR-based >>>> connector uses OpenSSL. Similarly, using Apache in front of Tomcat will >>>> bring OpenSSL into the mix as well. >>>> >>>> Best regards, >>>> -- >>>> Carlos M. Fernández >>>> Sr. Enterprise Systems Admin >>>> Saint Joseph's University >>>> W: 610-660-1501 >>>> M: 215-316-1193 >>>> E: [email protected] >>>> >>>> On Apr 9, 2014, at 14:53, Linda Toth <[email protected]> wrote: >>>> >>>> Hi >>>> >>>> Does any component of CAS rely on any Open SSL libraries. >>>> >>>> Linda >>>> >>>> -- >>>> Linda Toth >>>> University of Alaska - Office of Information Technology (OIT) - >>>> Identity and Access Management >>>> 910 Yukon Drive, Suite 103 >>>> Fairbanks, Alaska 99775 >>>> Tel: 907-450-8320 >>>> Fax: 907-450-8381 >>>> [email protected] | www.alaska.edu/oit/ >>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> >>>> >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>>> >>> -- >>> You are currently subscribed to [email protected] as: [email protected] >>> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
