Steve Crawford wrote: > On 04/09/2014 08:54 AM, "Gabriel E. Sánchez Martínez" wrote: >> Hi all, >> >> Our server is running Ubuntu Server 13.10 (we will soon upgrade to >> 14.04) and PostgreSQL 9.1. We use certificates for all client >> authentication on remote connections. The server certificate is >> self-signed. In light of the heartbleed bug, should we create a new >> server certificate and replace all client certificates? My guess is yes.
[...] > If you aren't and weren't running a vulnerable version or if the > vulnerable systems were entirely within a trusted network space with no > direct external access then you are probably at low to no risk and need > to evaluate the cost of updates against the low level of risk. If you are in a totally trusted environment, why would you use SSL? Yours, Laurenz Albe -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
