This is a read-only archive of the Mumble forums.

This website archives and makes accessible historical state. It receives no updates or corrections. It is provided only to keep the information accessible as-is, under their old address.

For up-to-date information please refer to the Mumble website and its linked documentation and other resources. For support please refer to one of our other community/support channels.

Jump to content

Heartbleed | server vulnerable = client cert exposed?

blitz-krieg

By blitz-krieg,
in Technical

 Share

Recommended Posts

blitz-krieg Newbie

blitz-krieg

Posted
Posted

hi


quick question about the heartbleed bug


if you had murmur (server) running with a vulnerable version of openssl could the connecting clients (running with a none vulnerable version of openssl) have had there certificate revealed to any potential attacker?


http://blog.mumble.info/wp-uploads/2014/04/heartbleed.png


any reply would be greatly appreciated


/blitz-krieg

Link to comment
Share on other sites
blitz-krieg Newbie

blitz-krieg

Posted
  • Author
Posted
We ourselves never distributed vulnerable versions.

If you built against a vulnerable version of OpenSSL or use a distro that did so, yes, I guess so.

 

thanks for answering


yeah i now i read the message in your blogg

i used the package available in debian stable (wheezy) which if im not mistaking used a vulnerable version of openssl.


time for some certificate revocation i guess


/blitz-krieg

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...