No, Heartbleed was a protocol specification error, where if you implemented
what the spec said you automatically produced a security bug.
paul
> On Jan 11, 2022, at 3:02 PM, Jonathan Katz via cctalk <[email protected]>
> wrote:
>
> Heartbleed?
>
>
> On Tue, 11 Jan 2022 at 20:00, Hauke Fath via cctalk <[email protected]>
> wrote:
>
>> On Mon, 10 Jan 2022 22:04:33 -0800, Stan Sieler via cctalk wrote:
>>> It may have been that either the routine wasn't getting called when it
>>> should, or that the programmer misinterpreted what the return value
>> meant.
>>
>> The Debian 4 OpenSSL disaster comes to mind, where IIRC a know-it-all
>> package manager beautified the source and reduced the effective length
>> of any generated keys to 32 bit. But that was more like 15 yrs ago...
>>
>> Cheerio,
>> Hauke
>>
>> --
>> Hauke Fath <[email protected]>
>> Linnéweg 7
>> 64342 Seeheim-Jugenheim
>> Germany
>>
> --
> -Jon
> +44 7792 149029
