Thanks Patrick. Apache lounge already has a patched release released. So, once I deploy that, and get my certificates reissued, I ought to be OK.
Thanks Ted -- R.E.(Ted) Byers, Ph.D.,Ed.D. On Wed, Apr 9, 2014 at 8:37 AM, Eisenacher, Patrick < patrick.eisenac...@bdr.de> wrote: > Hi Ted, > > > -----Original Message----- > > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > > > > How do I determine whether or not the web servers I run are affected? > > They are Apache 2.4, built for 64 bit Windows and downloaded from > > Apachelounge. I have no idea what version of openssl it was built with. > Does > > anyone here know if the feature that introduces the risk can be turned > off, > > without introducing other risks? If so, how? > > you can check for yourself: > - http://filippo.io/Heartbleed/ > - http://possible.lv/tools/hb/ > - https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl > > > Also, could the security keys we bought have been compromised? > > Certainly yes. You should replace them. I read today that some CAs offer > free replacements. > > > HTH, > Patrick Eisenacher >