OpenSSL critical vulnerability updates

lawik · October 29, 2022, 9:16am

Hey

Just wanted to have some certainty on that the Fly team have eyes on this thing: OpenSSL Release Patches Critical Vulnerability - GlobalSign

I’ll be going through our app and see if we have any exposure but would love to know the timeline and if there is any action requires wrt Fly.

The specifics are unreleased but if it is another Heartbleed I’d like to know that we are covered

thomas · October 29, 2022, 9:07pm

Oh, we definitely are keeping track of this. The top-line answer: our TLS termination is Rustls, not OpenSSL.

Topic		Replies	Views
There seems to be an outage with TLS termination	32	1255	October 13, 2021
Outage SSL Handshake Failing	1	188	January 18, 2024
Preview: Fly hosted `fly.dev` DNS announcement	8	736	January 26, 2023
SSL Connection Issues after a deployment	21	795	April 13, 2021
App is not accessible through the fly.dev domain: ERR_CERT_REVOKED Questions / Help	18	1104	June 1, 2023