Security Info - OpenSSL Heartbleed

Security Info - OpenSSL Heartbleed - 4D v13/v14 NOT

David Ringsmuth (4/9/14 10:53AM)
Dave Gradwell (4/9/14 4:44PM)
Pascal Geuns (4/9/14 8:26PM)

David Ringsmuth (4/9/14 10:53 AM)

vulnerable

Dave,

Thanks!

David

-----Original Message-----
From: 4d_tech-bounces@...
[mailto:4d_tech-bounces@... On
Behalf Of Dave Gradwell
Sent: Wednesday, April 09, 2014 10:44 AM

vulnerable

Hi David,

I found this:
http://kb.4d.com/search/assetid=76175

Which says:
"""
The version of libeay32.dll and ssleay32.dll included with 4D v11 SQL
Release 7 (11.7) is 0.9.8.2 which translates to OpenSSL v0.9.8b.
The version of libeay32.dll and ssleay32.dll included with 4D v12 is
0.9.8.10 which translates to OpenSSL v0.9.8j.
"""

http://heartbleed.com/ says:
"""
OpenSSL 0.9.8 branch is NOT vulnerable
"""

Yours,

Dave.

Dave Gradwell (4/9/14 4:44 PM)

vulnerable

Hi David,

I found this:
http://kb.4d.com/search/assetid=76175

Which says:
"""
The version of libeay32.dll and ssleay32.dll included with 4D v11 SQL
Release 7 (11.7) is 0.9.8.2 which translates to OpenSSL v0.9.8b.
The version of libeay32.dll and ssleay32.dll included with 4D v12 is
0.9.8.10 which translates to OpenSSL v0.9.8j.
"""

http://heartbleed.com/ says:
"""
OpenSSL 0.9.8 branch is NOT vulnerable
"""

Yours,

Dave.

On 9 Apr 2014, at 16:37, David Ringsmuth wrote:

color><param>00000,0000,DDEE/param>TThomas

What about 4D v12.5+

Does this version of 4D have the OpenSSL vulnerability? It is still
supported by 4D until May.

Thanks!
David
/color>

Pascal Geuns (4/9/14 8:26 PM)

vulnerable

We have just released an SSL Test Tool which you can use to check your
SSL setup and see if your server is vulnerable to the heartbleed bug:

http://www.qualityssl.com/en/support/ssl-server-test.lasso

Kind Regards
Pascal Geuns
QualitySSL

Meet me on LinkedIn
http://www.linkedin.com/in/pascalgeuns

------------------------------------------------------------------------
QualitySSL Certificates for your 4D Server, visit
http://www.qualityssl.com/

Reply to this message

Summary created 4/9/14 at 4:39PM by Intellex Corporation

Comments welcome at: feedback@intellexcorp.com