Diplomat Managed File Transfer products, including Diplomat Cloud Connector and Diplomat OpenPGP Community Edition do not contain the Heartbleed bug.
Diplomat products exclusively use the Java encryption libraries for SSL and TLS encryption. SSL encryption is used for communication between Diplomat product components, for FTPS connections and for HTTPS connections. In all of these cases, Diplomat products rely on the Java encryption libraries and not on OpenSSL. The Java libraries are not affected by the Heartbleed bug.
Diplomat products act as clients for connections to FTPS or HTTPS servers. These FTPS and HTTPS servers may still contain the Heartbleed bug.
If the Heartbleed bug exists on FTPS or HTTPS servers, certain information passed from any FTP or HTTP client to the FTPS or HTTPS server may still be at risk. Any users connecting to FTPS and HTTPS servers should confirm that the servers are not at risk before continuing file transfers. Users can refer to a list File Transfer Consulting is compiling of Heartbleed bug statements from file transfer vendors.
“We encourage our customers to confirm with their trading partners that any vulnerability in their FTPS or HTTPS servers have been addressed,” says Pam Reid, CEO at Coviant Software. “Once vulnerable servers have been remediated, we recommend that our customers request updated usernames and passwords from the FTPS and HTTPS server managers before resuming file transfer jobs.”