Hi, On Wednesday, April 9, 2014 2:05:31 PM UTC+10, vic hargrave wrote: > > We have released an advisory on the CVE-2014-0160 (Heartbeat bug) Advisory > for OSSEC and what users can do about it. >
I read the report, but it's not clear to me whether I need to revoke all agent keys and regenerate new ones? I don't have ossec-authd running. In fact I only recently recompiled OSSEC with the SSL headers in order to use ossec-authd at all (for automation). Which left me more confused: how do the agent keys ensure encrypted traffic using the 'secure' method if the SSL headers were not there previously? Is some other encryption type used? Thanks for any help Mig -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
