On Friday 11 April 2014 10:48:38 Aartih wrote: > Hi, Hi, > This is regarding the vulnerability CVE-2014-0160 (OpenSSL Heartbleed), > we understand that we use openSSL in our implementation. > > We link -lssl and use libcrypto.so in our compilation and linking, > Does this vulnerability has any impact in libssh, Share your thoughts > regarding this.
the OpenSSL vulnerability has been found an extension for TLS/SSL called Heartbeat (RFC 6250). SSH is a protocol like TLS/SSL. So we have nothing todo with TLS/SSL nor the bug. We only link against libcrypto which implements the cryptographic algorithms. See: https://www.openssl.org/docs/crypto/crypto.html Cheers, -- andreas -- Andreas Schneider GPG-ID: CC014E3D www.cryptomilk.org [email protected]
