Does it matter if you are only using client-side SSL, if you are not running a server with Strawberry but just connecting to sites?
-- Matthew > On Apr 16, 2014, at 1:31, "kmx" <k...@atlas.cz> wrote: > > Olivier, > > You can try updated strawberry perl from: > > http://strawberryperl.com/download/5.18.2.2/strawberry-perl-5.18.2.2-32bit.msi > > http://strawberryperl.com/download/5.18.2.2/strawberry-perl-5.18.2.2-64bit.msi > http://strawberryperl.com/download/5.18.2.2/strawberry-perl-5.18.2.2-32bit.zip > http://strawberryperl.com/download/5.18.2.2/strawberry-perl-5.18.2.2-64bit.zip > http://strawberryperl.com/download/5.18.2.2/strawberry-perl-5.18.2.2-32bit-portable.zip > http://strawberryperl.com/download/5.18.2.2/strawberry-perl-5.18.2.2-64bit-portable.zip > > -- > kmx > >> On 15.4.2014 0:36, kmx wrote: >> Hi, >> >> you can get updated openssl binaries from: >> - http://strawberryperl.com/package/kmx/64_libs/gcc47-2014Q1/ >> - http://strawberryperl.com/package/kmx/32_libs/gcc47-2014Q1/ >> >> I am considering releasing strawberry perl 5.18.2.2 (with new openssl) >> before the end of April. >> >> -- >> kmx >> >>> On 12.4.2014 20:45, Olivier Mengué wrote: >>> Hi, >>> >>> You have probably heard of the now famous "heartblead" bug of the OpenSSL >>> library. >>> http://heartbleed.com/ >>> >>> StrawberryPerl is bundled with a binary of the OpenSSL library so I'm >>> wondering if StrawberryPerl is affected by the bug. >>> >>> I had a look at the release notes of StrawberryPerl to look for the version >>> number of the OpenSSL and all versions of StrawberryPerl since at least >>> 5.16.0.1 have an OpenSSL in the range affected by the heartbleed bug. >>> >>> It would be helpful to have an official statement from the StrawberryPerl >>> team regarding this issue and to display it prominently on the >>> StrawberryPerl.com page. >>> >>> Olivier Mengué >>> https://metacpan.org/author/DOLMEN >