[tech] OpenSSL "Heartbleed" Issues
Sam Moore
matches at ucc.gu.uwa.edu.au
Thu Apr 10 18:36:40 WST 2014
On Thu, 10 Apr 2014, James Taylor wrote:
> On 10/04/2014 13:44, Sam Moore wrote:
>> These clients only return 7 bytes, whilst the examples in the readme
>> return 65535. From what I understand they still shouldn't be doing that.
> Those 7 bytes should represent a TLS failure, and thus the clients
> (which use libnss) aren't vulnerable and are replying with a correct
> response as per the RFC :)
Well that makes more sense now.
More information about the tech
mailing list