Change Download Preference


{{errorInSavingPref}}
Current Preference
{{dwnldPreference}}
Change Preference to:

Response to the OpenSSL (Heartbleed) Vulnerability

Last Updated: April 11, 2014

The CA Technologies Product Vulnerability Response Team has reviewed our product portfolio and confirmed that this product does NOT utilize a vulnerable version of OpenSSL 1.0.1 ("Heartbleed").

No version of Directory uses a version of a cryptographic library that is vulnerable to CVS-2014-0160 (aka 'Heartbleed'). This includes running CA Directory in FIPs compliant mode which enables the RSA Bsafeā„¢ libraries.
CA Directory uses the CAPKI cryptographic library. The version of OpenSSL used is 0.9.8h and is not affected by this vulnerability.