News‎ > ‎

CILogon and the OpenSSL Heartbleed Bug

posted Apr 9, 2014, 6:04 AM by Jim Basney
The CILogon service is not directly impacted by the OpenSSL Heartbleed Bug. The https://cilogon.org web servers use an OpenSSL version that is not vulnerable, and the CILogon CA private keys are protected by hardware security modules. However, CILogon relies on over 100 InCommon/OpenID identity providers for user authentication, and some of those identity providers may be impacted. InCommon is providing advice to its members at https://spaces.internet2.edu/x/-4DYAgIf you suspect a certificate issued by CILogon may be compromised, please contact help@cilogon.org to request certificate revocation. As always, please contact help@cilogon.org if you have any questions or concerns about the CILogon service.