[OSRM-talk] Our reaction to the heart bleed SSL bug
info at project-osrm.org
Wed Apr 9 20:23:39 UTC 2014
Dear OSRM API users,
a couple of days ago, we announced the availability of an HTTPS/SSL endpoint for our public API server. Then the Internet-wide security bug in the OpenSSL framework struck. It is known as the heart bleed vulnerability . We would like you to know that we have taken appropriate steps to mitigate the risks as soon as we learned about this issue. Specifically, we
- updated the affected OpenSSL libraries,
- set up two-factor authentication for admin access ,
- renewed the SSL certificate provided by Globalsign,
- configured perfect forward secrecy for SSL, and
- changed all passwords
as precautionary measures across all our servers.
These changes require no further changes on behalf of our users, and we have no reason to believe that any communication or server access has been compromised.
More information about the OSRM-talk