OpenSSL Heartbleed bug and SFTPPlus

Thu 17 April 2014 | security server

SFTPPlus uses OpenSSL only for FTPS protocol. SFTP protocol is not affected by this bug.

On Unix and Linux, SFTPPlus software use the OpenSSL library provided by the operating system. Unix and Linux operating system supported by SFTPPlus (RHEL 4, RHEL5, RHEL6, SLES 11, AIX 5.3) are not affected by this bug as they all use older versions of OpenSSL.

If you use CentOS 6 instead of RHEL 6, you might be affected by this problem and you should update the CentOS 6 system, If you use Ubuntu 12.04 then you should also update the operating system. Security fixes are already available for both CentOS and Ubuntu.

For Windows, SFTPPlus software use OpenSSL version 0.9.8 which is not affected bu this bug.