Heartbleed SSL Bug

From EHS Help
Revision as of 17:13, 14 April 2014 by Admin (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
AquilaCRS icon.png

This topic is for AquilaCRS


The Heartbleed vulnerability found in OpenSSL week commencing 7th April has most people worried and rightfully so. Therefore, we wanted to let you know how Heartbleed affects our products, and of course you.

= Products

Some EHS products use OpenSSL code to communicate with SSL enabled servers (such as those used by the iBID National Database). However, the code we use is from before the introduction of the Heartbleed bug. Moreover, the SSL implementation used on the IBID National Database is not based on OpenSSL.

In addition, the heartbleed exploit relies on plaintext communications between client and server. All our products use encrypted communications, even with SSL, using AES-256.

Finally, all products that implement SSL are used within the secure NHS Net.

Therefore our products have not been affected by Heartbleed.

Websites

Our websites do not use SSL.

Retrieved from ‘https://evolutionhealthcaresystems.co.uk/help/index.php?title=Heartbleed_SSL_Bug&oldid=1378