CouchDB

Tuesday Apr 08, 2014

CouchDB and the Heartbleed SSL/TLS Vulnerability

You may or may not have heard about the Heartbleed SSL/TLS vulnerability yet. Without much exaggeration, this is a big one.

What does this mean for CouchDB?

1. If you are using CouchDB with the built-in SSL support, you are at the whim of Erlang/OTP’s handling of SSL. Lucky for you, while they do use OpenSSL for the heavy lifting, they do the TLS/SSL handshake logic in Erlang (Source). That means you are not affected by this issue.

2. If you are using CouchDB behind a third-party proxy server you are at the whim of the SSL library it uses. For the big three Apache, nginx and HAProxy it’s all OpenSSL. So if they are using OpenSSL 1.0.1-1.0.1f with heartbeat support (RFC6520) enabled (the default), you need to take action. As far as I can tell now:

  • 0. Check if you are vulnerable
  • 1. Stop your service.
  • 2. Upgrade to OpenSSL 1.0.1g or recompile OpenSSL without heartbeat support.
  • 3. Request new cert from your SSL cert vendor.
  • 4. Revoke your old cert.
  • 5. Invalidate all existing sessions by changing the CouchDB couchdb_httpd_auth/secret configuration value to a new UUID.
  • 6. Restart your service.
  • 7. Invalidate all your user’s passwords and/or OAuth tokens.
  • 8. Notify your users that any of their data and passwords are potentially compromised.

Comments:

Thanks for the info

Posted by Harshak3 on January 19, 2019 at 10:33 AM UTC #

I just can’t stop reading this. Its so fresh, so filled with updates that I just didn’t know. I am delighted to see that people are in fact writing about this subject in such a elegant way, presenting us all diverse parts to it. You’re a fine blogger. Please carry on with it. I can’t wait to read what’s after that. https://www.games.lol/brain/

Posted by Ernest on January 21, 2019 at 12:07 AM UTC #

I just can’t stop reading this. Its so fresh, so filled with updates that I just didn’t know. I am delighted to see that people are in fact writing about this subject in such a elegant way, presenting us all diverse parts to it. You’re a fine blogger. Please carry on with it. I can’t wait to read what’s after that. brain games app

Posted by Ernest on January 21, 2019 at 12:09 AM UTC #

I just can’t stop reading this. Its so fresh, so filled with updates that I just didn’t know. I am delighted to see that people are in fact writing about this subject in such a elegant way, presenting us all diverse parts to it. You’re a fine blogger. Please carry on with it. I can’t wait to read what’s after that. https://www.games.lol/card/

Posted by brain games app on January 21, 2019 at 12:11 AM UTC #

Thank You for the information. This will helps in my site as I am using the same technology. and I have a Yoga Website: https://yogachapter.com/ Where I give the information about the Yoga and Yoga Asana and Pranayama. And These steps given above are helpful. Thanks once again.

Posted by Surya on March 23, 2019 at 06:12 PM UTC #

Post a Comment:
  • HTML Syntax: NOT allowed

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation