On 2014-04-11 at 16:30 +0200, W.C.A. Wijngaards wrote: > Unbound's ssl-upstream, ssl-service and unbound-anchor are options and > tools that create TLS connections. This is vulnerable to heartbleed.
For clarity to those asking (since Wouter knows this but it wasn't clear): if you're changing keys/certs in response to Heartbleed (as I am) then it's because arbitrary server memory can be read. So if you have ssl-service-key set then you're vulnerable, but you need to then change _all_ keys and certs used by Unbound, including for those services which are not part of the attack vector, not _just_ ssl-service-key. -Phil _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
