The technologies in use by JumpCloud, including:
- Node.js - disables the heartbeat extension in OpenSSL
- Go - has it's own TLS implementation, and thus is unaffected
- OpenVPN - uses the tls-auth directive, causing packets without a valid HMAC to be dropped
- AWS Elastic Load Balancers - terminates our SSL connections, and while initially vulnerable, Amazon has since patched ELB, and we have rotated our keys as required.