Hi,
> Thanks for the link. On a quick read it seems their conclusion is that > while it is *extremely* unlikely that your private key(s) was/were > stolen using nginx, you should still re-key and revoke. While > comforting, not really of any great practical help. They updated the post, their initial analysis was wrong. Also see: http://blog.cloudflare.com/the-results-of-the-cloudflare-challenge > Nice that CloudFlare (and no doubt others) received significant advance > warning while the rest of us were left vulnerable. Just sayin... They had no choice. They couldn't notify a lot of people about this, it would have been leaked to exploit kits and black hats before OpenSSL provided the bugfix. That would have been a lot worse. Regards, Lukas _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
