Gandi Kitchen

Home > OpenSSL: heartbleed postmortem

OpenSSL: heartbleed postmortem

A vulnerability in OpenSSL was released on April 7th 2014 around 11:00 CEST.

This security issue allows an attacker to get sensitive data but the full impact is hard to evaluate (could go up to the private key).

Please find the timeline below, with actions taken to secure our platform following this publication:

April 7

  • 23:30 CEST (21:30 UTC): Our technical team are aware of the OpenSSL security issue.

April 8

  • 00:19 CEST (22:19 UTC): Debian patch is now available, rebuild packages for the platforms.
  • 03:34 CEST (01:34 UTC): Customers using our web-accelerators are now protected of the heartbleed security flaw
  • 04:23 CEST (02:23 UTC): End of the upgrade of the OpenSSL library for  and
  • 12:59 CEST (10:59 UTC): Error during the SSL provisioning on our platform for and during the certificates load.
  • 13:11 CEST (11:11 UTC): Certificates for and are now up to date.

End of the security incident

For more details and instructions, please see our news post about Heartbleed.