Jump to content
Mumble forums

Heartbleed | server vulnerable = client cert exposed?


Recommended Posts


quick question about the heartbleed bug

if you had murmur (server) running with a vulnerable version of openssl could the connecting clients (running with a none vulnerable version of openssl) have had there certificate revealed to any potential attacker?


any reply would be greatly appreciated


Link to comment
Share on other sites

We ourselves never distributed vulnerable versions.

If you built against a vulnerable version of OpenSSL or use a distro that did so, yes, I guess so.


thanks for answering

yeah i now i read the message in your blogg

i used the package available in debian stable (wheezy) which if im not mistaking used a vulnerable version of openssl.

time for some certificate revocation i guess


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...