Heart bleed vulnerability 1/4/15

Dear customers,

You may have heard that the electronic voting system for the NSW election was possibly affected by a new vulnerability.

We have started yesterday and today to check all our regular customer’s Internet exposed connections to find out if your system has a problem with this as well. If you want to find out yourself, you can go to https://www.ssllabs.com and test the URL you are using to connect to your server (e.g. Sydney.friendlyware.com.au or similar). A sample is attached below.

After the initial tests, we are scheduling updates to any customer that that it affected – these will happen over the next 2 weeks. We have tested these updates and found that the don’t cause any problems – however it is possible that some legacy systems (e.g. Windows XP) may complain – so if this happens, please let us know. A server restart will be scheduled after the update to be performed around midnight.

Technically, this is what we will be doing: “The registry file deactivates SSL 2.0 and SSL 3.0. It activates TLS 1.0, TLS 1.1 and TLS 1.2 It also deactivates Ciphers RC4 128/128, RC4 40/128 and RC4 56/128”

 

No Comments Yet.

Leave a comment

You must be Logged in to post a comment.