All-clear: No “heartbleeding” PTV xServer

The Internet is abuzz with the recently found Heartbleed bug, which affected the security of many servers relying on OpenSSL code. This bug is serious: “Catastrophic is the right word. On the scale of 1 to 10, this is an 11,” commented security expert Bruce Schneier. Codenomicon, the security firm that discovered Heartbleed, published a website with detailed information.

But here is some good news: the PTV xServer itself is not affected! The OpenSSL cryptographic software library is not included in the initial distribution of the PTV xServer. To handle HTTPS requests, we use the Java SE implementation of the TLS protocol (see the Oracle website under point “5.0 Products That Do Not Include OpenSSL”).

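Of course, if you use a separate proxy server that accepts HTTPS requests and forwards them to the PTV xServer as simple HTTP (the scenario recommended by PTV), you have to check whether your proxy server is affected, because in that setup the proxy, not the PTV xServer, handles the TLS connection.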