Here’s the latest update on the ongoing resolution to critical OpenSSL vulnerability CVE-2014-0160, aka 'Heartbleed,' which was announced on April 7th and affects nearly every Internet service provider and website using SSL to secure customer traffic.
On Monday, our engineering team deployed the fix to OpenSSL itself and rolled out new certificates to internal systems. Because of the nature of this specific vulnerability, it is imperative that you also replace existing SSL certificates with certificates containing new keys. We have already updated SSL certificates and keys for many customers. Please read on to determine if additional action is required on your part.
Customers who Purchase and Manage Your Own SSL Certificates: We Will Work With You to Update Your SSL Certificates
For customers who purchase and manage your own certificates, the Fastly support team has started to reach out to you individually to update and re-key your SSL certificate(s) in a timely manner. If you have questions before you hear from us, please open a support ticket by emailing firstname.lastname@example.org.
Customers with SSL Certificates Issued and Managed by Fastly: Your Keys Are Now Updated
For customers whose certificates are issued and managed by Fastly, we worked yesterday to generate new keys and install new certificates for your domains. Customers did not experience any disruption in service when the certificates with new keys were installed, and no additional customer interaction is required. In the event that we need additional information from you, the team will reach out.
We hope this update addresses your concerns about the impact of CVE-2014-0160 on your Fastly service. As always, please feel free to reach out to our support team at email@example.com with any follow-up questions.
You may also like:
Disabling SSLv3 Due to POODLE Vulnerability
Based on our understanding of the POODLE vulnerability (mainly the fact that there is currently no workaround), and the fact that we have very little traffic running over SSLv3 (around .5% globally), we are disabling...
More Advanced Security Features for Your Fastly Account
Security is one of our top priorities at Fastly. We recognize that having your account compromised could have a profoundly negative impact on your business, leaving you and your customers vulnerable and at risk. So,...