[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 12/04/14 09:35, Martijn Grooten wrote:
Even auditing the software would have not found this - it seems the RFC for it requests just what happened! It has, however, been confirmed you can get the the keys from a server. https://www.cloudflarechallenge.com/heartbleedOn Sat, Apr 12, 2014 at 06:44:40AM +0100, Simon Waters wrote:Bad Apple specifically said auditing, and I think this is the key.Exactly. It is kind of odd, given the tech industry's focus on compliance, that you can still use a relatively poorly audited piece of software to protect your secure connections. And even to protect the key to your castle, as things just took a turn for the worse: http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed Martijn.
Tom te tom te tom -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq