Heartbleed Bug / Vulnerability

We’ve been receiving a lot of inquiries regarding the Heartbleed Bug, a vulnerability in the popular Open SSL cryptographic software library. Simply put as described at heartbleed.com, “The Heartbleed bug allows anyone on the internet to read the memory of systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

Because of the significant number of inquiries we’ve received, we thought it prudent to provide our customers (and future customers) an official company post assuring you that our Cloud Load Balancer or any other component of our cloud platform is not vulnerable to this bug. This includes our support portal, cloud management portal and everything else. We do not have OpenSSL version 1.01 through 1.01f inclusive deployed on any public-facing systems.

Here is a handy test tool that you can use. If you are a Load Balancing customer and utilize our SSL_BRIDGE protocol method, which is essentially SSL pass-through (we do not encrypt or decrypt, we just send the traffic along), we encourage you to test your systems to see if they are vulnerable. If they are, please don’t blame us 🙂 There are some helpful strategies at the heartbleed.com link above.

Please rest assured that we continue to take the security of our platform and our customer applications and information very seriously here. If you have any questions or concerns regarding this, please create a support ticket.

The Total Uptime team