Is a server running iis with a certificate issued by godaddy vulnerable to heartbleed

Question

Is a server running IIS that is hosted by rackspace but using an SSL certificate issued by godaddy vulnerable to heartbleed?

Since it seemed that somebody thought this was worthy of down-voting, let me generalize the question a bit: if an IIS server is not otherwise at risk for heartbleed, is there a risk if it's certificate issuer was? GoDaddy themselves recommend that "For additional security, we recommend that you rekey your SSL certificate." (http://godaddyblog.com/open-ssl-heartbleed-weve-patched-servers/) So, what risk is there, if any, to the non-GoDaddy hosted IIS servers from GoDaddy being affected?

score 5 · Answer 1 · answered Apr 10 '14 at 14:43

5

No. IIS doesn't use OpenSSL.

answered Apr 10 '14 at 14:43

HopelessN00b

53,795
33
135
209

4

*As long as you're actually getting the SSL connection from the IIS server and not some other forward-facing server... like a reverse proxy. Not even sure RS offers that kind of config. – Lynn Crumbling Apr 10 '14 at 15:02

score 1 · Answer 2 · edited Mar 20 '17 at 10:04

1

If you want some reassurance, test your web site with the tools found in this answer:

How to use the internet while Heartbleed is being fixed?

The one from ssllabs https://www.ssllabs.com/ssltest/ does a very good job of listing all the servers behind a domain name. Try google.com for example.

edited Mar 20 '17 at 10:04

Community

1

answered Apr 10 '14 at 14:50

Paul-Henri

11
2
3

Is a server running iis with a certificate issued by godaddy vulnerable to heartbleed

2 Answers2