A major vulnerability in the OpenSSL cryptographic software library has just been published [1]. If you have a Gandi SSL certificate, please read this post carefully before taking action.

This flaw has existed for some time, and there is a possibility that X509/SSL private keys have been compromised undetectably.

This flaw is present in OpenSSL from version 1.0.1 up to and including 1.0.1f, referred to as the "heartbleed" [2] bug.

If your servers are using an affected version* of OpenSSL, you need to

  • If you are using our SSL certificates on our PaaS platform (Simple Hosting) or via our web accelerator, you should know we fixed this vulnerability as soon as we were informed of it, and we will try to give further details about how your private keys could have been exposed by our platform.
  • If you are using our IaaS infrastructure (Gandi Cloud VPS), or that of another hosting provider, and your servers are using an affected version* of OpenSSL, you need to:
  1. Patch the openSSL version on any server you own and operate yourself by installing security updates provided in your package manager. (For example, on Debian, ensure you're using the official debian-security repository, then run `apt-get update` and `apt-get install openssl`, then restart all services that use SSL.)
  2. Generate new private keys and certificates to restore security of your services (see below if you're using a Gandi SSL certificate).
  • If you are using our SSL certificates, either on our infrastructure (on our PaaS/Simple Hosting instances) or on external services, then it is recommended that you regenerate a CSR and private key. Note: Do not revoke the certificate! Replaced certificates will be automatically revoked (more details will be posted on this in the near future). If you revoke the certificate yourself, you will not be able to replace it afterwards, and you'll instead have to buy a new one.

Additional technical information is available in this GandiKitchen blog post.

If you have questions, please contact support.

[1] CVE-2014-0160

[2] heartbleed.com

*If you aren't sure if your server is affected, you can try a tool like this one (not provided or tested by Gandi).



DNS resolution was interrupted for a few minutes on the hosting platform at our Paris datacenter.

While working on the machines which handle the DNS resolution for the Paris datacenter, some of them stopped responding at 11:04 AM (CEST).

Our technical team found and fixed the source of the issue at 11:24 AM.

We apologize for any inconvenience this problem may have caused to you.




Gandi has scheduled network maintenance tomorrow Wednesday, 26 March 2014 between 22:00 and 23:59 UTC

You may see some packet loss during their duration.

We apologize for any inconvenience this may cause.

If you require further information or assistance, please do not hesitate to contact the Support Team.

Regards,

Gandi Team




A maintenance on IAAS/PAAS storage units located in france and luxembourg is scheduled for :

    18/03/2014 from 00.00AM CET to 02.00AM CET (from 2.00PM PDT)

The service will not be unavailable during the whole maintenance window. Service will be degraded for a few minutes during the maintenance window.

-OPs Team-


A maintenance on our GandiMail platform will be held on 2014-03-08 from 7:00 p.m. to 2014-03-09 7:00 a.m.  UTC (8 March, 11am to 11pm PST). 

Disturbances may occur during this maintenance, including intermittent access to mail.gandi.net in IMAP/POP3.

Please accept our apologies for the inconvenience.

UPDATE 2014-03-09 03:00 UTC (8 March 7pm PST): The maintenance is complete.


Page 1 2 311 12 13
Change the news ticker size