Heartbleed SSL vulnerability

By / April 11, 2014 / / 0 Comments

NETLAB+ AE and NETLAB+ PE servers use OpenSSL 0.9.8 to communicate with the VMware vSphere API.  NETLAB+ is an SSL client in this case.  This version of OpenSSL is not vulnerable to the Heartbleed  CVE-2014-0160 vulnerability.

Inbound HTTPS/SSL (tcp 443) is currently not enabled on NETLAB+ servers.  As discussed in my previous posts, we will support inbound HTTPS/SSL encryption of the NETLAB+ web interface in a future release.  This feature will use an OpenSSL library that is not vulnerable to Heartbleed.

about the author

Chief Technical Officer, NDG