Re: openssl heartbleed - Mailing list pgsql-general

From Albe Laurenz
Subject Re: openssl heartbleed
Msg-id A737B7A37273E048B164557ADEF4A58B17CEF450@ntex2010i.host.magwien.gv.at
In response to Re: openssl heartbleed  (Steve Crawford <scrawford@pinpointresearch.com>)
Responses Re: openssl heartbleed  (John R Pierce <pierce@hogranch.com>)
Re: openssl heartbleed  (Steve Crawford <scrawford@pinpointresearch.com>)
List pgsql-general
Steve Crawford wrote:
> On 04/09/2014 08:54 AM, "Gabriel E. Sánchez Martínez" wrote:
>> Hi all,
>>
>> Our server is running Ubuntu Server 13.10 (we will soon upgrade to
>> 14.04) and PostgreSQL 9.1.  We use certificates for all client
>> authentication on remote connections.  The server certificate is
>> self-signed.  In light of the heartbleed bug, should we create a new
>> server certificate and replace all client certificates?  My guess is yes.

[...]

> If you aren't and weren't running a vulnerable version or if the
> vulnerable systems were entirely within a trusted network space with no
> direct external access then you are probably at low to no risk and need
> to evaluate the cost of updates against the low level of risk.

If you are in a totally trusted environment, why would you use SSL?

Yours,
Laurenz Albe
