Well, that’s the point, Paul. (You hit the nail on the head.) If you don’t have an openssl service exposed, the problem doesn’t affect you.
Since normally the web GUI isn’t exposed to the WAN, the attack surface is minimized. We are working at cutting a new release. Jim On Apr 8, 2014, at 1:49 PM, Paul Galati <paulgal...@gmail.com> wrote: > Is this vulnerability tied to a secure web connection on the wan interface? > If I do not have the web gui enabled on the wan interface and I am not using > openVPN, what other services allow this point of entry possible? > > Thanks for your time. > > Paul Galati > paulgal...@gmail.com > > > > On Apr 8, 2014, at 8:20 AM, Marek Salwerowicz <marek_...@wp.pl> wrote: > >> Regarding the web test provided at: >> http://filippo.io/Heartbleed/ >> >> All my pfSense firewalls (their HTTPS WEB GUI) are vulnerable... > > _______________________________________________ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list
_______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
