Gandi Kitchen


OpenSSL: heartbleed postmortem

A vulnerability in OpenSSL was publicly disclosed on April 7th, 2014, around 11:00 CEST.

This security issue allows an attacker to obtain sensitive data, but the full impact is hard to evaluate (it could extend to the private key).

Please find the timeline below, with actions taken to secure our platform following this publication:

April 7

  • 23:30 CEST (21:30 UTC): Our technical team is aware of the OpenSSL security issue.

April 8

  • 00:19 CEST (22:19 UTC): The Debian patch is now available; packages are rebuilt for the platforms.
  • 03:34 CEST (01:34 UTC): Customers using our web-accelerators are now protected from the Heartbleed security flaw.
  • 04:23 CEST (02:23 UTC): End of the upgrade of the OpenSSL library for www.gandi.net and webmail.gandi.net.
  • 12:59 CEST (10:59 UTC): Error while loading the certificates during SSL provisioning on our platform for www.gandi.net and webmail.gandi.net.
  • 13:11 CEST (11:11 UTC): Certificates for www.gandi.net and webmail.gandi.net are now up to date.

End of the security incident

For more details and instructions, please see our news post about Heartbleed.