Am 10.04.2014 21:34, schrieb Erwann Abalea:
FWIW, I'm pretty confident that my private key hasn't been compromised, even if my personal server was "Heartbleed-enabled". So far, private key leaks have been demonstrated on FreeBSD systems, not on Linux. And only when the first request after the server launch is a HB one. It may be related to different memory allocators.
Cloudflare set up a challenge with nginx on Ubuntu. Seems some people succeeded in extracting the servers private key: https://www.cloudflarechallenge.com/heartbleed http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed Juergen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy