powered by Jive Software

Is Openfire affected by Heartbleed?

I’m just trying to find out if Openfire is affected by the Heartbleed bug and if so, what is your recommendation for remediation?

http://heartbleed.com/

TIA

Jose L.

Port 5222 is plain / TLS. Port 5223 is SSL - but we don’t use OpenSSL.

2 Likes

Thanks LG!

for make sure update your “openssl” on ur server, not ssl but openssl

etc : on debian : apt-get dist-upgrade

Openssl is not required or used by Openfire. Anyhow all OpenSSL 1.0.1 users may want to update unless they did already.

Openfire uses bouncycastle

http://bouncycastle.org/