Difference between revisions of "Heartbleed SSL Bug"

From EHS Help
m (= Products)
m
 
(One intermediate revision by the same user not shown)
Line 2: Line 2:
  
  
The ''Heartbleed'' vulnerability found in OpenSSL week commencing 7th April has most people worried and rightfully so. Therefore, we wanted to let you know how Heartbleed affects our products, and of course you.
+
The ''Heartbleed'' vulnerability found in OpenSSL week commencing 7th April was introduced on 31st Decemeber 2013.  It has most people worried and rightfully so. Therefore, we wanted to let you know how Heartbleed affects our products, and of course you.
  
 
=== Products ===
 
=== Products ===
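Review bot: "Decemeber" in the added sentence is a misspelling of "December". The revised line also keeps the old wording "found in OpenSSL week commencing 7th April", which is missing "in the" before "week"; suggest "found in OpenSSL in the week commencing 7th April".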
Line 8: Line 8:
 
Some EHS products use OpenSSL code to communicate with SSL enabled servers (such as those used by the iBID National Database).  However, the code we use is from before the introduction of the Heartbleed bug.  Moreover, the SSL implementation used on the IBID National Database is not based on OpenSSL.
 
Some EHS products use OpenSSL code to communicate with SSL enabled servers (such as those used by the iBID National Database).  However, the code we use is from before the introduction of the Heartbleed bug.  Moreover, the SSL implementation used on the IBID National Database is not based on OpenSSL.
  
In addition, the heartbleed exploit relies on plaintext communications between client and server.  All our products use encrypted communications, even with SSL, using AES-256.
+
The heartbleed exploit relies on communications between client and server being in plaintext.  All of our products encrypt their communications using AES-256, regardless of the presence of SSL or not.
  
Finally, all products that implement SSL are used within the secure NHS Net.
+
Finally, all products that implement SSL are used within the secure NHS Net which makes it inherently more secure than the Internet.
  
 
Therefore our products have not been affected by Heartbleed.
 
Therefore our products have not been affected by Heartbleed.
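Review bot: In the revised AES-256 sentence, "regardless of the presence of SSL or not" is redundant; "regardless of whether SSL is present" says the same thing. "Heartbleed" is lower-case at the start of that paragraph but capitalised in the rest of the page. In the revised NHS Net sentence, "which makes it inherently more secure" needs a comma before "which", and "it" has no clear antecedent (the products or the network), so name the subject explicitly.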

Latest revision as of 17:16, 14 April 2014

This topic is for AquilaCRS


The Heartbleed vulnerability found in OpenSSL in the week commencing 7th April was introduced on 31st December 2013. It has most people worried, and rightfully so. Therefore, we wanted to let you know how Heartbleed affects our products and, of course, you.

Products

Some EHS products use OpenSSL code to communicate with SSL-enabled servers (such as those used by the iBID National Database). However, the code we use is from before the introduction of the Heartbleed bug. Moreover, the SSL implementation used on the iBID National Database is not based on OpenSSL.

The Heartbleed exploit relies on communications between client and server being in plaintext. All of our products encrypt their communications using AES-256, regardless of whether SSL is present.

Finally, all products that implement SSL are used within the secure NHS Net, which makes it inherently more secure than the Internet.

Therefore our products have not been affected by Heartbleed.

Websites

Our websites do not use SSL.