On Sun, Apr 13, 2014, at 12:55 PM, Bron Gondwana wrote:
> Finally, as Ken mentioned, if you have an SSL-enabled Cyrus listening
> to the internet, you admin password may have been stolen already.
> Upgrading OpenSSL won't stop future login attempts with that stolen
> password.
Your private key may
On Sat, Apr 12, 2014, at 01:17 AM, Ken Murchison wrote:
All,
I'm sure you have all heard about the [1]Heartbleed bug by now. If
not, you definitely need to read up on it and take appropriate action.
A Cyrus admin (not at CMU) has recently run the [2]check-ssl-heartbleed
script against his s
