On 09/04/14 17:44, dweezil wrote:
> I've been looking over the web trying to find if OTR is susceptible to the
> OpenSSL Heartbleed vulnerability and haven't found anything.
>
> Can anyone confirm or deny (with proof/examples would be awesome) whether or
> not OTR is vulnerable? Does OTR use OpenSSL and if so, what version?

OTR is not TLS so no, it's not susceptible. You can look at the source code yourself to check that it doesn't depend on OpenSSL.

https://packages.debian.org/sid/libotr5 - no "libssl" dependency.

--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
_______________________________________________
OTR-users mailing list
OTR-users@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-users