We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

SSL bug Heartbleed


quadfinity
04-14-2014, 11:13 AM
Even though you were not affected by Heartbleed why is Perfect Forward Secrecy (PFS) disabled on hubiC? If a similar bug is discovered in future that potentially expose private keys only PFS would prevent decrypting data that has been transferred in the past.

I was asking the same question a few months ago and I got the reply that you guys need to test PFS first. When are you going to finish testing PFS?
hubiC could be very attactive for many people as you don't fall under US jurisdiction. But the missing PFS makes me feel a bit unsafe.

I can't wait to see an "A" rating in the SSL report some day:
https://www.ssllabs.com/ssltest/anal...ml?d=hubic.com

Kind Regards.

vcasse
04-11-2014, 09:54 AM
Hi Lordbaltimore,

OVH Products, hubiC included, are not affected by this SSL Bug. Indeed, we use some Cisco products that are not using OpenSSL. So, you dont had to change your password.

If you want to know about details on our products, you could see this page : http://status.ovh.net/?do=details&id=6699

Regards,
Vincent

lordbaltimore
04-11-2014, 06:22 AM
Hey guys, is hubiC affected by the SSL bug Heartbleed? If so, do you have fixed it yet? Is there any need to change password? Regards.