[OTR-users] OTR and OpenSSL Heartbleed vulnerability?
Paul Wouters
paul at cypherpunks.ca
Sat Apr 19 12:04:00 EDT 2014
On Wed, 16 Apr 2014, Ovnicraft wrote:
> Can you explain when where an IM client would use openssl in terms of OTR? I think I am
> misunderstanding the your comment.
For instance connecting to a XMPP/jabber server over TLS.
> In terms of OTR you are not, so if your IM client use openssl to any implementation (following Ian comment)
> your are vulnerable.
As apparently TLS clients are also vulnerable, and the TLS/openssl code
runs in the same program memory as OTR, I would expect it to be
vulnerable.
Paul
More information about the OTR-users
mailing list