[OTR-users] OTR and OpenSSL Heartbleed vulnerability?
Ovnicraft
ovnicraft at gmail.com
Wed Apr 16 19:26:10 EDT 2014
On Wed, Apr 16, 2014 at 3:32 PM, Bernard Tyers - ei8fdb
<ei8fdb at ei8fdb.org>wrote:
>
> On 9 Apr 2014, at 17:55, Ian Goldberg <ian at cypherpunks.ca> wrote:
>
> > OTR is a protocol. Different implementations of the protocol might use
> > different libraries. But it doesn't really matter what library the OTR
> > implementation uses; if a vulnerable openssl is used in your IM client
> > *at all*, you're vulnerable.
> >
> > The standard libotr uses libgcrypt, for the record.
>
> Hi Ian,
>
> Can you explain when where an IM client would use openssl in terms of OTR?
> I think I am misunderstanding the your comment.
>
In terms of OTR you are not, so if your IM client use openssl to any
implementation (following Ian comment) your are vulnerable.
Regards,
>
> I’d like to know how IM clients (if any) could be affected, in terms of
> OTR, or file transfers, etc..
>
> thanks,
> Bernard
>
> --------------------------------------
> Bernard / bluboxthief / ei8fdb
>
> If you’d like to get in touch, please do: http://me.ei8fdb.org/
>
>
>
>
>
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
>
>
--
Cristian Salamea
@ovnicraft
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20140416/55ac1151/attachment.html>
More information about the OTR-users
mailing list