
Heartbleed bug does not affect JobScheduler or SSH

Submitted by sos-admin on Thu, 04/10/2014 - 11:22

Heartbleed is a bug in the OpenSSL software, which is used for Internet communications that use the SSL/TLS protocols. JobScheduler can use SSH, which is a different protocol and thereby unaffected by Heartbleed.

The Heartbleed bug is in the part of the OpenSSL software that implements the TLS protocol's Heartbeat Extension. SSH has a similar function, called 'keepalive', but this uses a different mechanism.

The Eclipse Jetty web server can be used together with JobScheduler. This option has to be activated by users, as described in our 'How to run JobScheduler with Jetty' FAQ. While Jetty can be configured to use the SSL protocol, it does this using the Java VM's SSL implementation and not OpenSSL, so once more there is no risk from Heartbleed.

The 'heartbeats' that we use to describe one of the ways JobSchedulers communicate with each other are not affected by the Heartbleed bug either. JobSchedulers configured for cluster operation read and write their heartbeats directly from and to the database. JobSchedulers configured for supervisor/workload operation use the TCP protocol, which is again different to SSL/TLS. See our 'Remote Execution' FAQ for more information.