Re: [GENERAL] openssl heartbleed

2014-04-10 Thread Steve Crawford
On 04/10/2014 01:01 AM, Albe Laurenz wrote: Steve Crawford wrote: If you aren't and weren't running a vulnerable version or if the vulnerable systems were entirely within a trusted network space with no direct external access then you are probably at low to no risk and need to evaluate the cos

Re: [GENERAL] openssl heartbleed

2014-04-10 Thread Albe Laurenz
John R Pierce wrote: > On 4/10/2014 1:01 AM, Albe Laurenz wrote: >> If you are in a totally trusted environment, why would you use SSL? > Belt, and suspenders. I guess what I wanted to say was: If you are concerned enough to use SSL, you should be concerned enough to change your certificates. To

Re: [GENERAL] openssl heartbleed

2014-04-10 Thread John R Pierce
On 4/10/2014 1:01 AM, Albe Laurenz wrote: If you are in a totally trusted environment, why would you use SSL? Belt, and suspenders. -- john r pierce 37N 122W somewhere on the middle of the left coast

Re: [GENERAL] openssl heartbleed

2014-04-10 Thread Albe Laurenz
Steve Crawford wrote: > On 04/09/2014 08:54 AM, "Gabriel E. Sánchez Martínez" wrote: >> Hi all, >> >> Our server is running Ubuntu Server 13.10 (we will soon upgrade to >> 14.04) and PostgreSQL 9.1. We use certificates for all client >> authentication on remote connections. The server certificat

Re: [GENERAL] openssl heartbleed

2014-04-09 Thread Ovnicraft
On Wed, Apr 9, 2014 at 10:54 AM, "Gabriel E. Sánchez Martínez" < gabrielesanc...@gmail.com> wrote: > Hi all, > > Our server is running Ubuntu Server 13.10 (we will soon upgrade to 14.04) > and PostgreSQL 9.1. We use certificates for all client authentication on > remote connections. The server c

Re: [GENERAL] openssl heartbleed

2014-04-09 Thread Steve Crawford
On 04/09/2014 08:54 AM, "Gabriel E. Sánchez Martínez" wrote: Hi all, Our server is running Ubuntu Server 13.10 (we will soon upgrade to 14.04) and PostgreSQL 9.1. We use certificates for all client authentication on remote connections. The server certificate is self-signed. In light of the

Re: [GENERAL] openssl heartbleed

2014-04-09 Thread Andrew Sullivan
On Wed, Apr 09, 2014 at 11:54:43AM -0400, "Gabriel E. Sánchez Martínez" wrote: > self-signed. In light of the heartbleed bug, should we create a new > server certificate and replace all client certificates? My guess is > yes. This depends mostly on what version of openssl you were actually usin

[GENERAL] openssl heartbleed

2014-04-09 Thread Gabriel E. Sánchez Martínez
Hi all, Our server is running Ubuntu Server 13.10 (we will soon upgrade to 14.04) and PostgreSQL 9.1. We use certificates for all client authentication on remote connections. The server certificate is self-signed. In light of the heartbleed bug, should we create a new server certificate an