9 Apr
2014
4:19 a.m.
On 04/09/2014 04:21 AM, Dean Pemberton wrote:
We have three basic messages for website owners:
1. Establish if your site's servers are vulnerable.
2. Patch the vulnerable servers.
3. Revoke/reissue keys and certificates.
Isn't it very simple to just verify whether you have or don't have the infected library and decide on the certificate revocation and reissuing? Why even test the issue if it was tested and validated to affect only a specific version of libs? So I think the test tools are just for fun and to run a couple more code lines which describe the result of the test that was conducted on lots of versions of OpenSSL already. (just thinking out loud)

Eliezer