Re: openssl heartbleed

Steve Crawford  wrote:
> On 04/09/2014 08:54 AM, "Gabriel E. Sánchez Martínez" wrote:
>> Hi all,
>>
>> Our server is running Ubuntu Server 13.10 (we will soon upgrade to
>> 14.04) and PostgreSQL 9.1.  We use certificates for all client
>> authentication on remote connections.  The server certificate is
>> self-signed.  In light of the heartbleed bug, should we create a new
>> server certificate and replace all client certificates?  My guess is yes.

[...]

> If you aren't and weren't running a vulnerable version or if the
> vulnerable systems were entirely within a trusted network space with no
> direct external access then you are probably at low to no risk and need
> to evaluate the cost of updates against the low level of risk.

If you are in a totally trusted environment, why would you use SSL?

Yours,
Laurenz Albe