[OTR-users] OTR and OpenSSL Heartbleed vulnerability?
Ximin Luo
infinity0 at pwned.gg
Wed Apr 9 12:54:45 EDT 2014
On 09/04/14 17:44, dweezil wrote:
> I've been looking over the web trying to find if OTR is susceptible to the OpenSSL Heartbleed vulnerability and haven't found anything.
>
> Can anyone confirm or deny (with proof/examples would be awesome) whether or not OTR is vulnerable? Does OTR use OpenSSL and if so, what version?
>
OTR is not TLS so no, it's not susceptible. You can look at the source code yourself to check that it doesn't depend on OpenSSL.
https://packages.debian.org/sid/libotr5 - no "libssl" dependency.
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 880 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20140409/1994f605/attachment.pgp>
More information about the OTR-users
mailing list