Re: Heart bleed with 0.9.8 and 1.0.1

2014-04-15 Thread ag@gmail
:32 AM, cvishnuid wrote: > > Hi I am having 0.9.8 open ssl libraries in my server and 1.0.1 in my client. > Am I venerable to heart bleed attach? Regards, Vishnu. > View this message in context: Heart bleed with 0.9.8 and 1.0.1 > Sent from the OpenSSL - User mailing list archive at Nabble.com.

Re: Heart bleed with 0.9.8 and 1.0.1

2014-04-15 Thread Dave Thompson
e only exception I see is sigalgs which only makes sense for D/TLS1.2. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of cvishnuid Sent: Sunday, April 13, 2014 12:24 To: openssl-users@openssl.org Subject: *** Spam *** Re: Heart bleed with 0.9.8 and

RE: Heart bleed with 0.9.8 and 1.0.1

2014-04-14 Thread cvishnuid
Now i understood the concept .. Till now i am assuming that attacker will send only the heart beat request with out performing any SSL handshake messages. I was wrong . Attacker will establish a new connection and send all the handshake messages and then the faked heart beat request . -

RE: Heart bleed with 0.9.8 and 1.0.1

2014-04-14 Thread cvishnuid
In my scenario if the client don't respond for heart beat request then my client is safer ? -- View this message in context: http://openssl.6102.n7.nabble.com/Heart-bleed-with-0-9-8-and-1-0-1-tp49300p49402.html Sent from the OpenSSL - User mailing list archive at Nabble.com. _

RE: Heart bleed with 0.9.8 and 1.0.1

2014-04-14 Thread Alan Buxey
hi, >Will client respond for heart beat request even if server doesn't support >heart beat . ? no. both systems need to have some heartbeat code present. >Which version of ssl this heart beat in introduced ? same as all the original advisories have said 1.0.1 - fixed in 1.0.1g but patches to

Re: Heart bleed with 0.9.8 and 1.0.1

2014-04-14 Thread cvishnuid
ttp://user/SendEmail.jtp?type=node&node=49373&i=0> > > wrote: > >> Hi I am having 0.9.8 open ssl libraries in my server and 1.0.1 in my >> client. Am I venerable to heart bleed attach? Regards, Vishnu. >> ------ >> View this mes

Re: Heart bleed with 0.9.8 and 1.0.1

2014-04-13 Thread Jin Jiang
Vishnu. > -- > View this message in context: Heart bleed with 0.9.8 and > 1.0.1<http://openssl.6102.n7.nabble.com/Heart-bleed-with-0-9-8-and-1-0-1-tp49300.html> > Sent from the OpenSSL - User mailing list > archive<http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html>at Nabble.com. >

Heart bleed with 0.9.8 and 1.0.1

2014-04-11 Thread cvishnuid
HiI am having 0.9.8 open ssl libraries in my server and 1.0.1 in my client.Am I venerable to heart bleed attach?Regards,Vishnu. -- View this message in context: http://openssl.6102.n7.nabble.com/Heart-bleed-with-0-9-8-and-1-0-1-tp49300.html Sent from the OpenSSL - User mailing list archive at N