Support Center


JumpCloud has reviewed all its systems and use of encryption, and has taken steps to address our limited vulnerability to the OpenSSL Heartbleed vulnerability.

The technologies in use by JumpCloud, including:
  • Node.js - disables the heartbeat extension in OpenSSL
  • Go - has it's own TLS implementation, and thus is unaffected
  • OpenVPN - uses the tls-auth directive, causing packets without a valid HMAC to be dropped
  • AWS Elastic Load Balancers - terminates our SSL connections, and while initially vulnerable, Amazon has since patched ELB, and we have rotated our keys as required.

Last Updated: Jul 25, 2017 02:49PM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found