New bug in OpenSSL – mailbox.org ist secure again

Once again, a new vulnerability was published in OpenSSL. We already applied the newest patches to our servers, so we are not affected by this vulnerability anymore. You can verify this on your own:
https://dev.ssllabs.com/ssltest/analyze.html?d=mailbox.org
Please observe the last entry of the testresult, labeled with “OpenSSL CCS vulnerability (CVE-2014-0224)”

This vulnerability, named “OpenSSL CCS Injection Vulnerability (CVE-2014-0224)”, would have allowed for a so-called “man-in-the-middle” attack. This means, that an attacker would’ve been able to break the
transport encryption of your connections.

OpenSSL is used for the encryption of connections between computers, for example from your computer to our mailbox-org-Website. Because of this update, you are now once again able to securely communicate with our servers.

With these tools you are able to test other servers, to find out wether this vulnerability has been resolved there as well: https://dev.ssllabs.com/ssltest/analyze.html and http://ccsbug.exposed/

  • zurück
  • nach Oben