The Twine forums are now archived. If you need help, please visit

Heartbleed Fixes on the Twine.CC site?

The website certificates haven't been updated and the site seems to be possibly vulnerable based on generic version info. Any timeline for securing the site & data?


  • 5 Comments sorted by Votes Date Added
  • Rule #1 with Heartbleed: Don't panic.
    Lastpass' checker says they can't tell whether it is/was vulnerable, since it's using the Tornado server

    I don't see any discussion of Heartbleed with the Tornado server. That doesn't mean it's not using it, as a scan of the GitHub for Tornado has comments indicating that OpenSSL is required for SSL.

    A response from our hosts would be nice
  • I sent a note to support, and got a response from Christina:
    " has been patched and the SSL certs were reissued after Heartbleed."

    So now is the time to change passwords.
  • Interesting response. The certificate that was issued previously has not been revoked and the current cert in use by the top level site was issued on 5/26/2013 and expires on 5/30/2014 but hasn't yet been swapped.
  • And now the certificate is expired as of (5/30/2014 5:19:17 AM GMT)
Sign In or Register to comment.