The client is open to trouble if either it allows incoming SSL connections, or there is a malicious project that the machine is attached to.
-----Original Message----- From: boinc_dev [mailto:[email protected]] On Behalf Of Oliver Bock Sent: Tuesday, April 15, 2014 10:57 AM To: Rom Walton; TarotApprentice Cc: [email protected]; boinc_alpha email list Subject: Re: [boinc_dev] Heartbleed bug with OpenSSL On 15/04/14 16:38 , Rom Walton wrote: > Since the client doesn't use SSL in a server-role it doesn't need to be > backported to older branches. Not sure I understand you correctly but Heartbleed is a bi-directional issue. So yes, client libs need to be updated to protect the client - as you already did for Windows and OSX. Best, Oliver _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
