Okay, I stand corrected. Had to go re-read the advisory. In order to exploit the client wouldn't a project server using SSL have to be compromised?
----- Rom -----Original Message----- From: Oliver Bock [mailto:[email protected]] Sent: Tuesday, April 15, 2014 10:57 AM To: Rom Walton; TarotApprentice Cc: [email protected]; boinc_alpha email list Subject: Re: [boinc_dev] Heartbleed bug with OpenSSL On 15/04/14 16:38 , Rom Walton wrote: > Since the client doesn't use SSL in a server-role it doesn't need to > be backported to older branches. Not sure I understand you correctly but Heartbleed is a bi-directional issue. So yes, client libs need to be updated to protect the client - as you already did for Windows and OSX. Best, Oliver _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
