It's not a decision. If you were running a vulnerable version for any amount of time then revoking and reissuing keys and Certs after you patch is the only way to ensure someone doesn't have your private key material.

You must patch, revoke AND reissue.
If you are a public site and don't do this then you are placing your future client data at risk.

On Wednesday, April 9, 2014, Steve Holdoway <steve@greengecko.co.nz> wrote:
On Wed, 2014-04-09 at 13:21 +1200, Dean Pemberton wrote:

[snip]

http://filippo.io/Heartbleed provides a quick and dirty tester, if you
want to optimize ssl usage, then https://www.ssllabs.com/ssltest is far
more thorough.

Most of my sites are CentOS 6 or Amazon Linux. With both of these, a

yum update openssl\*

followed by restarting your web server implements the fix.

You still have the decision as to whether to revoke and replace the
current cert though...


Steve
--
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa

_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog