Is Openfire affected by Heartbleed?

I’m just trying to find out if Openfire is affected by the Heartbleed bug and if so, what is your recommendation for remediation?

http://heartbleed.com/

TIA

Jose L.

Port 5222 is plain / TLS. Port 5223 is SSL - but we don’t use OpenSSL.

2 Likes

Thanks LG!

for make sure update your “openssl” on ur server, not ssl but openssl

etc : on debian : apt-get dist-upgrade

Openssl is not required or used by Openfire. Anyhow all OpenSSL 1.0.1 users may want to update unless they did already.

Openfire uses bouncycastle

http://bouncycastle.org/