Customer Communication

10th April 2014

In relation to recent media publicity regarding Open SSL 'Heartbleed' vulnerabilities discovered, Integritie would like to communicate the below statement to all our Customers. This vulnerability does not affect components used in our systems.

Knowledge Capture Online

Content: Heartbleed Vulnerability

This vulnerability does NOT affect the SSL that is used by KCOL and IBM WebSphere Application Servers in all editions and all platforms. The IBM Java JSSE does not use OpenSSL.

This vulnerability does NOT affect the IBM HTTP Server component in all editions and all platforms. The GSKit component of IBM HTTP Server does not use OpenSSL SSL code.

On Apache HTTP Server, the SSL functionality is achieved using the module "mod_ssl" which is part of Open SSL. KCOL does not use "mod_ssl" for SSL, but rather ships it's own Gskit implementation which interfaces with a module named "mod_ibm_ssl".

Remediation: No action required.


Content: Heartbleed Vulnerability

SMC4 Does build open OpenSSL, however this vulnerability does NOT affect the versions in use on our Servers. OpenSSL snippet "OpenSSL 0.9.8 branch is NOT vulnerable".

Remediation: No action required.

Click Here to download the press release.

Additional Information: Click Here

Social Media C4 SMC4 Home
Regina Police Service SMC4
Case Management
Cumberland Building Society KC Online
social media capture
government cloud
RAC Cloud
avivia Cloud