Egress update: Heartbleed Bug won't affect Egress Switch products
London – April 2014 – We would like to reassure you that the vulnerability identified in the OpenSSL crypto libraries will not affect any of the Egress Switch software applications.
The Egress Switch portfolio of products rely on the TLS implementation built into the operating system. Switch servers run Windows Server 2012 and use the TLS implementation from Microsoft (Secure Channel / http.sys), which are not affected by the Heartbleed vulnerability. Additionally, if supported by the client operating system, PFS (Perfect Forward Secrecy) mode is used, which prevents decryption of previously sent secrets, such as keys and passwords, even if the server certificate private key gets compromised.
For more information about the Heartbleed Bug, please click here.
Should you have any questions, please contact your Egress Technical Account Manager for further details.
About Egress Software Technologies
Egress Software Technologies is the leading provider of email and file encryption software, offering innovative on-demand data security to enable organisations and individuals in the Public and Private Sectors to share confidential information with third parties.
As the first, and currently only, CESG CPA Foundation Grade certified email encryption product, Egress Switch enables public and private sector customers to share highly sensitive information over the internet, without the need to manage external third party credentials.
Combining on-premise and hosted Cloud infrastructure with patented key management, Egress Switch provides a unique community-based licensing model called the Egress Trust Network. The Network is made up of paying and free Egress Switch subscribers, who are able to share information securely with one another using a single global identity. Delivered as a fully managed service, the Trust Network has grown virally to over one million members.