CILogon and the OpenSSL Heartbleed Bug
Post date: Apr 9, 2014 1:04:40 PM
The CILogon service is not directly impacted by the OpenSSL Heartbleed Bug. The https://cilogon.org web servers use an OpenSSL version that is not vulnerable, and the CILogon CA private keys are protected by hardware security modules. However, CILogon relies on over 100 InCommon/OpenID identity providers for user authentication, and some of those identity providers may be impacted. InCommon is providing advice to its members at https://spaces.internet2.edu/x/-4DYAg. If you suspect a certificate issued by CILogon may be compromised, please contact firstname.lastname@example.org to request certificate revocation. As always, please contact email@example.com if you have any questions or concerns about the CILogon service.