powered by Jive Software

Is Openfire affected by Heartbleed?


#1

I’m just trying to find out if Openfire is affected by the Heartbleed bug and if so, what is your recommendation for remediation?

http://heartbleed.com/

TIA

Jose L.


#2

Port 5222 is plain / TLS. Port 5223 is SSL - but we don’t use OpenSSL.


#3

Thanks LG!


#4

for make sure update your “openssl” on ur server, not ssl but openssl

etc : on debian : apt-get dist-upgrade


#5

Openssl is not required or used by Openfire. Anyhow all OpenSSL 1.0.1 users may want to update unless they did already.


#6

Openfire uses bouncycastle

http://bouncycastle.org/