Heartbleed SSL Bug

From EHS Help
Jump to: navigation, search
AquilaCRS icon.png

This topic is for AquilaCRS


The Heartbleed vulnerability found in OpenSSL week commencing 7th April was introduced on 31st Decemeber 2013. It has most people worried and rightfully so. Therefore, we wanted to let you know how Heartbleed affects our products, and of course you.

Products

Some EHS products use OpenSSL code to communicate with SSL enabled servers (such as those used by the iBID National Database). However, the code we use is from before the introduction of the Heartbleed bug. Moreover, the SSL implementation used on the IBID National Database is not based on OpenSSL.

The heartbleed exploit relies on communications between client and server being in plaintext. All of our products encrypt their communications using AES-256, regardless of the presence of SSL or not.

Finally, all products that implement SSL are used within the secure NHS Net which makes it inherently more secure than the Internet.

Therefore our products have not been affected by Heartbleed.

Websites

Our websites do not use SSL.

Retrieved from ‘https://evolutionhealthcaresystems.co.uk/help/index.php?title=Heartbleed_SSL_Bug&oldid=1381