OpenSSL

Joshua Root jmr at macports.org
Tue Apr 8 05:37:53 PDT 2014


Niels Dettenbach wrote:
> On 8. April 2014 05:34:28 MESZ, Ludwig <macports at metaspasm.org> wrote:
>>What else do I need to do about the addressed vulnerability besides
>>updating
>>the port — generate new keys or what?
> 
> ...as far as I am informed about the current security notice / patch in OpenSSH (!), it makes no sense to generate new host or client keys. It could make sense to delete the known_hosts, as the sec flaw could make it possible in circumstances that a new client connects to a DNS faked host when not verifying the host key fingerprint during the host verifying process.

According to heartbleed.com, any data that was in the memory of the
process using openssl could have been revealed to an attacker. That
would include private keys.

- Josh

