Home | Blog | Update OpenSSL 1.0.1g

Update OpenSSL 1.0.1g

By Clément Nivolle

Features

Yesterday, a security patch of OpenSSL 1.0.1g was issued, fixing a pretty critical vulnerability (refered to as CVE-2014-0160).

Once issued, the Clever Cloud support team immediately updated our service with it.

Who's affected?

If you have SSL enabled on Clever Cloud, you have to read the following.

What to do?

Clever Cloud is not vulnerable to this security breach anymore, but we urge you to regenerate SSL keys and re-issue your certificate. Certificate regeneration is not a sufficient solution to protect you completely, you also have to regenerate a new SSL key. If you have any questions related to this security update for your apps hosted on Clever Cloud, feel free to send us an e-mail, our team will keep you informed of future developments.

Which versions of OpenSSL are vulnerable?

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

Tags

Blog

À lire également

What makes Clever Cloud unique
Most cloud platforms ask you to pick a lane. Serverless with hard limits on memory, execution time, and payload size. Containers locked to a single hyperscaler with databases resold from third parties. Or raw infrastructure where you manage everything yourself.
Company

OpenTofu: the open-source Terraform fork — natively supported on Clever Cloud
In August 2023, HashiCorp changed Terraform's license. A few weeks later, OpenTofu was born under the Linux Foundation. Here's what it means — and how to use it with the Clever Cloud provider.
Engineering

When choose a PaaS for a public sector project
Public services are engaged in an ongoing digital transformation, driven by increasing user expectations, service continuity requirements, and growing security needs.
Company Engineering Features