08 Apr 2014, 11:50

Heartbleed Bug (OpenSSL 1.0.1 to 1.0.1f issue)

If you manage a web server and using https urls, a issue has been discovered in OpenSSL (version from 1.0.1 to 1.0.1f) which would allow some data leak, including some confidential one.

What I would advise you :

  • Read the full site http://heartbleed.com/ which explains the issue, what could leak, which distributions are vulnerable, etc
  • Check your OpenSSL version on your server
  • Apply update if available or check for its deployment

If you use a 0.9.8 version, even if you are safe against this issue, please consider upgrading to OpenSSL 1.0.1g so that you can mitigate other issues such as BEAST.

If you care about privacy, you may try to reach the "Perfect Forward Secrecy", which would mean that even if someone capture your encrypted flow, they will never be able to decrypt it even if they get the key. You read well, if you capture some encrypted traffic but get later the keys, you may decrypt it.

In French, a very interesting conference about SSL/TLS : http://www.iletaitunefoisinternet.fr/ssltls-benjamin-sonntag/ and with some recommended confs to reach Perfect Forward Secrecy.

Keep in mind that : HTTPS is not that safe/private by default.

One open question so far, is should all the keys based on OpenSSL such as SSH or Web Certificates be re-generated or not as they may have been compromised... (as mentionned on CloudFlare Blog)

[Edit]:  To test you host : https://blog.ipredator.se/2014/04/how-to-test-if-your-openssl-heartbleeds.html - Qualys also included a Heartbleed test in their SSL Test suite.

[Edit 2] : More details also on http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

[Edit 3] : A more sceptical analysis : http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html which would lower significantly the impacts.

[Edit 4] A good synthesis from EFF : Why web needs perfect forward secrecy.