Due to the heartbleed OpenSSL vulnerability, I took down my service quickly on Apr. 7 after an emergency recompilation of OpenSSL with the TLS heartbeat disabled. I restarted them afterwards, with the non-vulnerable version installed. Today I upgraded to 1.0.1g which actually fixes the issue instead of disabling the feature.

Due to the nature of the vulnerability, there is no way to know if the certificates were compromised, therefore I revoked all my certificates and created new ones. The new ones are still signed by my CA, and were created the 8th of April in the afternoon. I also took the precaution of removing the DANE-EE DNS records a few hours earlier, so anyone using a DANE validator shouldn’t have issues (DANE-TA records are still there).

For jeproteste.info XMPP users, the new fingerprint should be AE:E6:60:27:B7:EB:A1:6C:25:63:51:CF:03:EA:A4:9D:F0:62:BD:DD.