A major vulnerability in the OpenSSL cryptographic software library has just been published [1]. If you have a Gandi SSL certificate, please read this post carefully before taking action.

This flaw has existed for some time, and there is a possibility that X509/SSL private keys have been compromised undetectably.

This flaw is present in OpenSSL from version 1.0.1 up to and including 1.0.1f, referred to as the "heartbleed" [2] bug.

If your servers are using an affected version* of OpenSSL, you need to

  • If you are using our SSL certificates on our PaaS platform (Simple Hosting) or via our web accelerator, you should know we fixed this vulnerability as soon as we were informed of it, and we will try to give further details about how your private keys could have been exposed by our platform.
  • If you are using our IaaS infrastructure (Gandi Cloud VPS), or that of another hosting provider, and your servers are using an affected version* of OpenSSL, you need to:
  1. Patch the openSSL version on any server you own and operate yourself by installing security updates provided in your package manager. (For example, on Debian, ensure you're using the official debian-security repository, then run `apt-get update` and `apt-get install openssl`, then restart all services that use SSL.)
  2. Generate new private keys and certificates to restore security of your services (see below if you're using a Gandi SSL certificate).
  • If you are using our SSL certificates, either on our infrastructure (on our PaaS/Simple Hosting instances) or on external services, then it is recommended that you regenerate a CSR and private key. Note: Do not revoke the certificate! Replaced certificates will be automatically revoked (more details will be posted on this in the near future). If you revoke the certificate yourself, you will not be able to replace it afterwards, and you'll instead have to buy a new one.

Additional technical information is available in this GandiKitchen blog post.

If you have questions, please contact support.

[1] CVE-2014-0160

[2] heartbleed.com

*If you aren't sure if your server is affected, you can try a tool like this one (not provided or tested by Gandi).


This Wednesday, 16 April, at 9am PST, two new extensions are entering General Availability.

Here they are, along with a link to the TLD pricing page and the GoLive price of a one-year registration at A rates:

As usual, once an extension enters GoLive, registrations are first-come, first-served.

If you're reading this before GoLive begins (Wednesday, 16 April at 9am PST), you can pay extra for a Landrush registration right now, or pre-register your domains at GoLive prices and we'll submit them to the registry the moment GoLive begins.

Register a domain under one of these TLDs?


With six new Afilias gTLDs entering GoLive today, the race will be close. Domains under these extensions will be first-come, first-served.

The gates open at 9am PST on Tuesday, 15 April.

Below, you'll find the list of newcomers, accompanied by prices at A rates and a link to each TLD info page:

Please note that among these extensions, only .buzz had a Landrush, which means that many of the best domain names will be up for grabs when GoLive starts!

Register a domain under one of these TLDs?




Today, Tuesday, April 8th, 2014, we are pleased to present a new batch of Donuts extensions in Sunrise.

As usual, registrations during Sunrise are restricted to TMCH copyright holders, but anyone can submit a pre-registration (Landrush or GoLive) and we'll submit the order to the Registry as soon as the corresponding phase begins.

Below, you'll find the list of extensions accompanied by a link to the pricing page, the Sunrise price and the GoLive price at A rates:


Today, Wednesday 2 April, seven new gTLDs are entering General Availability.

You'll find the list below, with a link to the TLD info page and the price at A rates for a one-year creation:

Note: Only Cyrillic names can be registered under .онлайн and .сайт ("online" and "site" respectively), according to the rules of the Core registry.

Register a domain under one of the above extensions:


A scheduled maintenance will take place between Tuesday 01 April 22:00 and Wednesday 2 April 05:00 UTC (01 April 2pm to 9pm PST).

During the maintenance, zone file updates on domains hosted on {a,b,c}.dns.gandi.net could be delayed.

Please excuse us for any inconvenience.

Regards,

The Gandi team


It's Tuesday, which means another batch of new gTLDs in Sunrise at Gandi, including the much-anticipated .wiki.

All of today's new extensions are now available for Sunrise registrations (read: TMCH trademark holders only), but also for Landrush and GoLive pre-registrations, which we will submit on your behalf at the beginning of the corresponding phase.

The list of extensions follows, accompanied by the link to the corresponding TLD pricing page, the Sunrise price, the GoLive date and GoLive price:

  • .DATING:               $171.68 | 11 June: $63.04
  • .EVENTS:              $158.68 | 11 June: $38.34
  • .INK:                      $135.96 | 23 June: $31.90
  • .PARTNERS:         $171.68 | 11 June: $63.04
  • .PRODUCTIONS$158.68 | 11 June: $38.34
  • .PUB:                     $124.68 |  9 July:   $24.44
  • .QPON:                   $19.72  |  6 May:   $19.72
  • .WIKI:                     $135.96 | 26 May:  $31.90

Register a domain under one of these TLDs?:


A scheduled maintenance will take place between Monday 31 March 22:00 and Tuesday 1 April 05:00 UTC (31 March 2pm to 9pm PST).

During the maintenance, zone file updates on domains hosted on {a,b,c}.dns.gandi.net could be delayed.

Please excuse us for any inconvenience.

Regards,

The Gandi team


Page 1 2 338 39 40
Change the news ticker size