Heartbleed and EAP

As an IT professional, it is hard not to know about Heartbleed. But the mainstream view of the problem, namely that it mostly affects web servers, is incomplete.

The TLS protocol is also in use in rather "obscure" setups such as RADIUS/EAP.

As soon as the news about Heartbleed started to spread, eduroam Operations started to investigate whether EAP logins are affected at all, which eduroam servers are endangered, what the consequences of compromise are, and how to mitigate the effects.

This lightning talk will shed lights about the timeline of events and actions taken by eduroam Operations to keep eduroam out of harms way.



  • Stefan Winter <stefan.winter@restena.lu>

Part of session

Lightning Talks

Related documents