OpenSSL Heartbleed | Search |
NowSMS Support Forums ⬆ NowSMS Support - SMS Issues ⬆ Archive through July 28, 2014 ⬆ |
◄ ► |
Author | Message | |||
Chris Frequent Contributor Username: Chrisc Post Number: 68 Registered: 12-2008 |
Hi Guys, After hearing in the news of the OpenSSL heartbleed bug, we pretty much immediately checked whether or not our products and services that does not use the Microsoft stack used OpenSSL. We found in one of your change logs that an update was done to your OpenSSL library in 2012, which does raise the question of whether or not NowSMS is vulnerable to the bug that's been discovered. Additionally, we can see that SSL can be used for the web interface and for SMPP as well. Are there any other areas where SSL is used in NowSMS? Hoping to hear from you soon. Regards Chris | |||
Des - NowSMS Support Board Administrator Username: Desosms Post Number: 4866 Registered: 08-2008 |
Hi Chris, We are still testing. As we don't work very frequently with certificates, it is difficult to verify that there are no certificate issues. But as we don't use any custom settings with OpenSSL, I would not anticipate any issues. I'll go ahead and upload a version of SMSSSL.DLL built with OpenSSL 1.0.1g. Stop the services and manually update this DLL file. (Save/copy the old version to another location in the unlikely event that this version causes a new problem.) http://www.nowsms.com/download/heartbleedfix.zip -- Des NowSMS Support |