[OTR-users] OTR and OpenSSL Heartbleed vulnerability?

Ovnicraft ovnicraft at gmail.com
Sat Apr 19 18:30:50 EDT 2014


On Sat, Apr 19, 2014 at 11:04 AM, Paul Wouters <paul at cypherpunks.ca> wrote:

> On Wed, 16 Apr 2014, Ovnicraft wrote:
>
>  Can you explain when where an IM client would use openssl in terms of
>> OTR? I think I am
>> misunderstanding the your comment.
>>
>
> For instance connecting to a XMPP/jabber server over TLS.
>
>
>  In terms of OTR you are not, so if your  IM client use openssl to any
>> implementation (following Ian comment)
>> your are vulnerable.
>>
>
> As apparently TLS clients are also vulnerable, and the TLS/openssl code
> runs in the same program memory as OTR, I would expect it to be

vulnerable.


Hi Paul, could be possible analize this topic, i consider really helpful a
better understood around.

Regards,

>
>
> Paul
>



-- 
Cristian Salamea
@ovnicraft
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20140419/66921367/attachment.html>


More information about the OTR-users mailing list