[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reg: Vulnerability CVE-2014-0160


On Friday 11 April 2014 10:48:38 Aartih wrote:
> Hi,

Hi,
 
> This is regarding the vulnerability CVE-2014-0160 (OpenSSL Heartbleed),
> we understand that we use openSSL in our implementation.
> 
> We link -lssl and use libcrypto.so in our compilation and linking,
> Does this vulnerability has any impact in libssh, Share your thoughts
> regarding this.

the OpenSSL vulnerability has been found an extension for TLS/SSL called 
Heartbeat (RFC 6250). SSH is a protocol like TLS/SSL. So we have nothing todo 
with TLS/SSL nor the bug. We only link against libcrypto which implements the 
cryptographic algorithms.

See:

https://www.openssl.org/docs/crypto/crypto.html


Cheers,

	-- andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx


Follow-Ups:
Re: Reg: Vulnerability CVE-2014-0160Aris Adamantiadis <aris@xxxxxxxxxxxx>
References:
Reg: Vulnerability CVE-2014-0160Aartih <aarthit2014@xxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org