On 9 Apr 2014, at 17:55, Ian Goldberg <i...@cypherpunks.ca> wrote: > OTR is a protocol. Different implementations of the protocol might use > different libraries. But it doesn't really matter what library the OTR > implementation uses; if a vulnerable openssl is used in your IM client > *at all*, you're vulnerable. > > The standard libotr uses libgcrypt, for the record.
Hi Ian, Can you explain when where an IM client would use openssl in terms of OTR? I think I am misunderstanding the your comment. I’d like to know how IM clients (if any) could be affected, in terms of OTR, or file transfers, etc.. thanks, Bernard -------------------------------------- Bernard / bluboxthief / ei8fdb If you’d like to get in touch, please do: http://me.ei8fdb.org/
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ OTR-users mailing list OTR-users@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-users
