Comments on Heartbleed Vulnerability

There has been substantial press about the Heartbleed vulnerability in the widely used OpenSSL protocol.

For customers interested in how our systems may have been affected by this vulnerability,  the short answer is that we have reviewed the systems involved in the operation of the GFI Mail services and we do not believe that we were or are susceptible to this vulnerability.   Specifically:

* the control panel servers and all of our MTAs do not use OpenSSL libraries and were not susceptible to the vulnerability

* the compiled version of the OpenSSL software used on our branded site servers did not include the heartbeat function, and therefore those systems were not subject to the vulnerability

* the SFTP servers for the archive import use OpenSSH for the SSH transport and thus were not affected (they do not use the TLS protocol)

We hope that this information is helpful.  For those interested in more information on this particular vulnerability, please see  http://heartbleed.com/

This entry was posted in MSP Mail, MSP Mail service updates. Bookmark the permalink.