Resolved -
We've now switched to another certificate provider which offer certificates compatible with older devices.
Our our cache proxy back online and performance is now restored for everyone.
We're still working on a migration path for users running old balenaOS releases in anticipation for future technology deprecation.
Apr 11, 19:35 UTC
Update -
We found out that delta was also affected which prevents hostos upgrade on older devices.
We temporarily disabled our proxy for delta.
Apr 9, 15:42 UTC
Monitoring -
We have temporarily bypassed our cache proxy to restore connectivity to older devices while we identify a migration path for users running affected balenaOS releases from 2019 and older.
Apr 3, 22:25 UTC
Identified -
Balena utilises automated TLS certificate updates to improve the security and trustworthy of our service landscape. This process has now updated to a certificate chain that enforces ECDSA (elliptic curve) instead of RSA encryption.
From all known information, that affects balenaOS releases from around 2019 and older.
We are currently investigating which balenaOS versions containing specific openssl libraries are affected. Moreover, we are assessing how this situation can be solved for such old balenaOS versions in a continuously changing security landscape.
Apr 3, 16:48 UTC