[OTR-users] OTR and OpenSSL Heartbleed vulnerability?
Bernard Tyers - ei8fdb
ei8fdb at ei8fdb.org
Wed Apr 16 16:32:23 EDT 2014
On 9 Apr 2014, at 17:55, Ian Goldberg <ian at cypherpunks.ca> wrote:
> OTR is a protocol. Different implementations of the protocol might use
> different libraries. But it doesn't really matter what library the OTR
> implementation uses; if a vulnerable openssl is used in your IM client
> *at all*, you're vulnerable.
>
> The standard libotr uses libgcrypt, for the record.
Hi Ian,
Can you explain when where an IM client would use openssl in terms of OTR? I think I am misunderstanding the your comment.
I’d like to know how IM clients (if any) could be affected, in terms of OTR, or file transfers, etc..
thanks,
Bernard
--------------------------------------
Bernard / bluboxthief / ei8fdb
If you’d like to get in touch, please do: http://me.ei8fdb.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20140416/1b9b769d/attachment.pgp>
More information about the OTR-users
mailing list