Hi Ted,

> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> How do I determine whether or not the web servers I run are affected?
> They are Apache 2.4, built for 64 bit Windows and downloaded from
> Apachelounge.  I have no idea what version of openssl it was built with.  Does
> anyone here know if the feature that introduces the risk can be turned off,
> without introducing other risks?  If so, how?

you can check for yourself:
- http://filippo.io/Heartbleed/
- http://possible.lv/tools/hb/
- https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl

> Also, could the security keys we bought have been compromised?

Certainly yes. You should replace them. I read today that some CAs offer free 

Patrick Eisenacher

Reply via email to