Here’s the latest update on the ongoing resolution to critical OpenSSL vulnerability CVE-2014-0160, aka 'Heartbleed,' which was announced on April 7th and affects nearly every Internet service provider and website using SSL to secure customer traffic.
On Monday, our engineering team deployed the fix to OpenSSL itself and rolled out new certificates to internal systems. Because of the nature of this specific vulnerability, it is imperative that you also replace existing SSL certificates with certificates containing new keys. We have already updated SSL certificates and keys for many customers. Please read on to determine if additional action is required on your part.
Customers who Purchase and Manage Your Own SSL Certificates: We Will Work With You to Update Your SSL Certificates
For customers who purchase and manage your own certificates, the Fastly support team has started to reach out to you individually to update and re-key your SSL certificate(s) in a timely manner. If you have questions before you hear from us, please open a support ticket by emailing email@example.com.
Customers with SSL Certificates Issued and Managed by Fastly: Your Keys Are Now Updated
For customers whose certificates are issued and managed by Fastly, we worked yesterday to generate new keys and install new certificates for your domains. Customers did not experience any disruption in service when the certificates with new keys were installed, and no additional customer interaction is required. In the event that we need additional information from you, the team will reach out.
We hope this update addresses your concerns about the impact of CVE-2014-0160 on your Fastly service. As always, please feel free to reach out to our support team at firstname.lastname@example.org with any follow-up questions.