Impact of CVE-2014-0160?
Guus Sliepen
guus at tinc-vpn.org
Thu Apr 10 18:08:11 CEST 2014
On Thu, Apr 10, 2014 at 05:35:39PM +0200, Jan Lühr wrote:
> since tinc depends on OpenSSL (at least in Debian):
>
> -> In what way does CVE-2014-0160 impact tinc?
Tinc does not use the SSL or TLS protocol, so it is not affected at all by the
Heartbleed bug.
> -> Does tinc use PFS?
Not in tinc 1.0.x, but in 1.1 when the new protocol is enabled.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140410/ca97f163/attachment.sig>
More information about the tinc
mailing list