> Our server makes sure it sets SSL_OP_NO_QUERY_MTU in the SSL_CTX. ...
> This should disable the heartbeat extension requests and responses. Should I
> still upgrade it to the 1.0.1g ?
No, it does not disable SSL/TLS heartbeat. Try connecting to your server with
s_client command and type a B
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
