Support Center

Heartbleed

JumpCloud has reviewed all its systems and use of encryption, and has taken steps to address our limited vulnerability to the OpenSSL Heartbleed vulnerability.

The technologies in use by JumpCloud, including:
  • Node.js - disables the heartbeat extension in OpenSSL
  • Go - has it's own TLS implementation, and thus is unaffected
  • OpenVPN - uses the tls-auth directive, causing packets without a valid HMAC to be dropped
  • AWS Elastic Load Balancers - terminates our SSL connections, and while initially vulnerable, Amazon has since patched ELB, and we have rotated our keys as required.
 

Last Updated: Jul 25, 2017 02:49PM MDT

Related Articles
31b11a79e2c94470a66430cfe6d3eecd@jumpcloud.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete