Does Heartbleed affect AWS Elastic Load Balancer?

amazon-web-services openssl heartbleed amazon-elb

The Heartbleed OpenSSL vulnerability (http://heartbleed.com/) affects OpenSSL 1.0.1 through 1.0.1f (inclusive)

I use Amazon Elastic Load Balancer to terminate my SSL connections. Is ELB vulnerable?


Solution 1:

Update 09/04/2014 1:00AM EST

Amazon has stated that all Elastic Load Balancers have been updated and are now longer vulnerable. They recommend rotating certs as well.

Update 08/04/2014 2:56PM CST

Amazon has stated that all Elastic Load Balancers except those in US-EAST-1 have been updated, and the vast majority of those in US-EAST-1 have been updated.

Update 08/04/2014 9:58PM PST

Amazon has confirmed that this affects the ELB platform and is currently working to mitigate the exploit. See the link below for the official response.

Yes, It is. most likely. Several people have stated that they've gotten responses from Amazon that ELB is affected by this issue. Frankly most SSL applications are affected by this with the notable exception of Cloudflare who seems to have gotten early warning.

Evidence suggesting as such:

https://forums.aws.amazon.com/thread.jspa?threadID=149690#jive-message-535248

See also:

http://aws.amazon.com/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability/

Related

What is the difference between Nginx ~ and ~* regexes?
Auto Reconnect VPN on Disconnection due to any reason - Persistent VPN
Ubuntu 10.04/CURL: How do I fix/update the CA Bundle?
Ubuntu - * at the end of filename?
Using bash, how can i find out the average, max and min from a list of numbers?
What causes duplicate ACK records?
Why bracket a single letter in a grep regex?
How to set multiple subdomains in the host file (DNS)?
How much VPS ram would I need to run Wordpress, Apache, SVN & MySQL?
Is Zabbix the right tool for me?
Find GUID of MSI Package
exportfs: Warning: /home/user/share does not support NFS export