CouchDB

Tuesday Apr 08, 2014

CouchDB and the Heartbleed SSL/TLS Vulnerability

You may or may not have heard about the Heartbleed SSL/TLS vulnerability yet. Without much exaggeration, this is a big one.

What does this mean for CouchDB?

1. If you are using CouchDB with the built-in SSL support, you are at the whim of Erlang/OTP’s handling of SSL. Lucky for you, while they do use OpenSSL for the heavy lifting, they do the TLS/SSL handshake logic in Erlang (Source). That means you are not affected by this issue.

2. If you are using CouchDB behind a third-party proxy server you are at the whim of the SSL library it uses. For the big three Apache, nginx and HAProxy it’s all OpenSSL. So if they are using OpenSSL 1.0.1-1.0.1f with heartbeat support (RFC6520) enabled (the default), you need to take action. As far as I can tell now:

  • 0. Check if you are vulnerable
  • 1. Stop your service.
  • 2. Upgrade to OpenSSL 1.0.1g or recompile OpenSSL without heartbeat support.
  • 3. Request new cert from your SSL cert vendor.
  • 4. Revoke your old cert.
  • 5. Invalidate all existing sessions by changing the CouchDB couchdb_httpd_auth/secret configuration value to a new UUID.
  • 6. Restart your service.
  • 7. Invalidate all your user’s passwords and/or OAuth tokens.
  • 8. Notify your users that any of their data and passwords are potentially compromised.

Comments:

Thanks for the info

Posted by Harshak3 on January 19, 2019 at 10:33 AM UTC #

I just can’t stop reading this. Its so fresh, so filled with updates that I just didn’t know. I am delighted to see that people are in fact writing about this subject in such a elegant way, presenting us all diverse parts to it. You’re a fine blogger. Please carry on with it. I can’t wait to read what’s after that. https://www.games.lol/brain/

Posted by Ernest on January 21, 2019 at 12:07 AM UTC #

I just can’t stop reading this. Its so fresh, so filled with updates that I just didn’t know. I am delighted to see that people are in fact writing about this subject in such a elegant way, presenting us all diverse parts to it. You’re a fine blogger. Please carry on with it. I can’t wait to read what’s after that. brain games app

Posted by Ernest on January 21, 2019 at 12:09 AM UTC #

I just can’t stop reading this. Its so fresh, so filled with updates that I just didn’t know. I am delighted to see that people are in fact writing about this subject in such a elegant way, presenting us all diverse parts to it. You’re a fine blogger. Please carry on with it. I can’t wait to read what’s after that. https://www.games.lol/card/

Posted by brain games app on January 21, 2019 at 12:11 AM UTC #

Thank You for the information. This will helps in my site as I am using the same technology. and I have a Yoga Website: https://yogachapter.com/ Where I give the information about the Yoga and Yoga Asana and Pranayama. And These steps given above are helpful. Thanks once again.

Posted by Surya on March 23, 2019 at 06:12 PM UTC #

Thanks for this helpful information. This is helpful for my site too because I am using Apache with PHP. I have developed site on Yoga Day. Here is an article from my site: https://internationalyogaday2019.com/yoga-day-quotes/

Posted by Yoga guru on June 03, 2019 at 06:46 AM UTC #

Hola, Gracias por el gran juego .... sigan el buen trabajo https://www.londonlocalbusinesses.co.uk

Posted by Javier on June 07, 2019 at 01:37 AM UTC #

What I really like is that you article is well thought out and researched https://www.my-window-cleaner.com.au

Posted by Simon Harrison on June 07, 2019 at 01:40 AM UTC #

Send these funny happy birthday images for her on that day https://shinetalks.com/happy-birthday-wishes-for-sister/

Posted by shinetalks on June 29, 2019 at 07:07 PM UTC #

We are giving you the tested and one thousandth operating technique to put in ‘BitLife – Life Simulator’ for laptop.

Posted by bitlife on June 29, 2019 at 07:14 PM UTC #

2. Upgrade to OpenSSL 1.0.1g or recompile OpenSSL without heartbeat support.

Posted by film izle on June 29, 2019 at 08:59 PM UTC #

inspirador, no entiendo que quieres decir con el tema, pero a mi criterio tiene mucho impacto!! felicidades This is so beautiful, i might just cry!!!!!

Posted by cadichesree1989 on July 20, 2019 at 04:48 PM UTC #

BRILLIANT Absolutely love it! :)

Posted by dietartneete1978 on July 20, 2019 at 05:30 PM UTC #

Amazing Concept and Work. Well Done! Super nice

Posted by lessmohari1976 on July 20, 2019 at 06:24 PM UTC #

coool Wow. you are best. I impressed.

Posted by tiotegusrui1989 on July 20, 2019 at 07:46 PM UTC #

Beautiful enchanting series, just love it! Muy bueno!

Posted by rockfrerdownhand1986 on July 20, 2019 at 11:31 PM UTC #

Cute :) Great work, but the neck part disturbs me :)

Posted by chidotguitumb1981 on July 21, 2019 at 12:21 AM UTC #

Thanks @YASHVEER SINGH @Rahul pawar @Serkan Gürkan Fab!

Posted by agexsubga1986 on July 21, 2019 at 01:21 AM UTC #

GRAN TRABAJO! really nice graphics!!

Posted by mcinsupploco1978 on July 21, 2019 at 03:01 AM UTC #

Witty! Big papa at it again

Posted by panroliter1971 on July 21, 2019 at 04:50 AM UTC #

Wooow! Awesome illustration style!

Posted by blowizenob1978 on July 21, 2019 at 05:22 AM UTC #

love gifs! Crazy good, like the green one best :)

Posted by sfalintobo1986 on July 21, 2019 at 06:03 AM UTC #

beaut!ful Vais a tope!

Posted by tresinover1983 on July 21, 2019 at 07:09 AM UTC #

la segunda está ameizinnnnn Amazing shots of India as well..

Posted by incalrescbris1980 on July 21, 2019 at 08:13 AM UTC #

I am trying hard to be constantly evolving. However the great idea of mosaics is creating something from something else. This idea can lead you anywhere, as it is the fundamental idea of creativity and nature. @Alessandro Dadone ❤️❤️

Posted by contgoldmildrasp1971 on July 21, 2019 at 08:45 AM UTC #

Great work. Good luck and success in further work. This is so good. I wish to learn caricature drawing too.

Posted by puwildongle1988 on July 21, 2019 at 09:18 AM UTC #

Great pictures ! Nice work and style!

Posted by benssarrycer1982 on July 21, 2019 at 09:51 AM UTC #

Sssssooo clever! Great project !!!

Posted by gandistketa1973 on July 21, 2019 at 10:23 AM UTC #

Fantastic project! Very nice!! You did a great job!

Posted by anmiterta1983 on July 21, 2019 at 10:56 AM UTC #

Post a Comment:
  • HTML Syntax: NOT allowed

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation