On Wed, 16 Apr 2014, Ovnicraft wrote:
Can you explain when where an IM client would use openssl in terms of OTR? I think I am misunderstanding the your comment.
For instance connecting to a XMPP/jabber server over TLS.
In terms of OTR you are not, so if your IM client use openssl to any implementation (following Ian comment) your are vulnerable.
As apparently TLS clients are also vulnerable, and the TLS/openssl code runs in the same program memory as OTR, I would expect it to be vulnerable. Paul _______________________________________________ OTR-users mailing list OTR-users@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-users
