RTI Connext DDS and the OpenSSL Heartbleed Bug

Note: This solution applies to RTI Connext DDS 5.1.0.

The Heartbleed bug, which causes a serious security threat, has been recently identified in certain versions of the OpenSSL cryptographic software library. More information about the bug can be found at www.heartbleed.com.

OpenSSL is used for certain features in RTI Connext DDS such as the Secure WAN and TLS transports. RTI Connext DDS 5.1.0 shipped with a version of OpenSSL that is affected by the Heartbleed bug.

OpenSSL version 1.0.1g addresses the heartbleed bug (see OpenSSL security advisory here: http://www.openssl.org/news/secadv_20140407.txt). RTI has built and tested OpenSSL version 1.0.1g against RTI Connext DDS 5.1.0 and made it available on the RTI Customer Portal. Any customer who is using RTI Connext DDS 5.1.0 and OpenSSL should replace their OpenSSL installation with the new available version.

If you are using another version of RTI Connext DDS, you are not affected by the vulnerability and no action is required.