A major new SSL vulnerability has recently been identified by security experts, nicknamed the “CCS Injection Vulnerability” or “MITM CCS Injection Attack”. It is especially severe because it allows anyone on the Internet to decrypt your encrypted data sent using SSL/TLS and HTTPS technologies, at any point between your server and the client accessing your encrypted data. Attackers can eavesdrop on and modify your encrypted communications if both your server and the client are vulnerable, and can completely hijack the authenticated session even if only the server is vulnerable.
You can find out more details of this vulnerability here:
To determine if your server(s) are vulnerable, check what version of OpenSSL is installed. All OpenSSL versions ARE vulnerable EXCEPT these listed below:
OpenSSL 1.0.1h is NOT vulnerable
OpenSSL 1.0.0m is NOT vulnerable
OpenSSL 0.9.8za is NOT vulnerable
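One way to script the version check above, as an added example that is not Pantek's or OpenSSL's own code. The function names are hypothetical; it assumes later letter releases on a listed branch keep the fix, and it reports branches the list does not name as `not-listed` rather than guessing.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an OpenSSL version string
# against the fixed releases the advisory lists: 1.0.1h, 1.0.0m, 0.9.8za.

# Pull "1.0.1g" out of a banner such as "OpenSSL 1.0.1g 7 Apr 2014".
version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p'
}

# Succeeds when letter suffix $1 is at or after $2. OpenSSL letter releases
# run "" < a < ... < z < za < zb, so compare length first, then text.
letters_ge() {
    if [ "${#1}" -ne "${#2}" ]; then
        [ "${#1}" -gt "${#2}" ]
    else
        LC_ALL=C expr "x$1" \>= "x$2" >/dev/null
    fi
}

# Print "fixed", "vulnerable", "not-listed" (a branch the advisory gives no
# fixed release for) or "unparsed" (no version number found).
ccs_status() {
    ver=$1
    branch=$(printf '%s\n' "$ver" | sed 's/[a-z]*$//')
    letters=${ver#"$branch"}
    case $branch in
        1.0.1) fixed_at=h ;;
        1.0.0) fixed_at=m ;;
        0.9.8) fixed_at=za ;;
        "")    echo unparsed; return ;;
        *)     echo not-listed; return ;;
    esac
    if letters_ge "$letters" "$fixed_at"; then echo fixed; else echo vulnerable; fi
}

# Constructed sample banners, so the script shows output without OpenSSL installed.
for banner in "OpenSSL 1.0.1g 7 Apr 2014" "OpenSSL 0.9.8za 5 Jun 2014" \
              "OpenSSL 1.0.1e-fips 11 Feb 2013"; do
    echo "$banner -> $(ccs_status "$(version_from_banner "$banner")")"
done

# Then check the locally installed binary, if there is one.
if command -v openssl >/dev/null 2>&1; then
    banner=$(openssl version)
    echo "local: $banner -> $(ccs_status "$(version_from_banner "$banner")")"
fi
```

Distribution packages often backport security fixes without changing the upstream version string, so confirm a `vulnerable` result against the package changelog before treating it as final.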
If your server(s) are vulnerable, in order to fix this vulnerability, you will need to upgrade your version of OpenSSL; and ideally completely re-issue and re-install all your SSL certificate(s).
All Pantek Support Engineers have been advised of this issue, and trained in the appropriate response procedure. If you would like our assistance to determine if your server(s) are indeed vulnerable, or to fix the vulnerability, please contact our support team using any of the normal methods. For fastest response, we recommend opening a Support Ticket via the Pantek Portal: https://portal.pantek.com
Typically, our team can determine if your server is vulnerable with a time expenditure of 15 minutes. Vulnerable servers can typically be patched and SSL certificates replaced with an additional 30-45 minute time expenditure, but this may vary with certain configurations.
Pantek Clients who have purchased a Managed Service Plan will receive a separate notification, as management of these third-party security issues is included without incurring extra charges. You can find more details on our Managed Service Plans here: