On 10/04/2014 13:44, Sam Moore wrote: > These clients only return 7 bytes, whilst the examples in the readme > return 65535. From what I understand they still shouldn't be doing that. Those 7 bytes should represent a TLS failure, and thus the clients (which use libnss) aren't vulnerable and are replying with a correct response as per the RFC :) [JTK]