Impact of CVE-2014-0160?

Guus Sliepen guus at tinc-vpn.org
Thu Apr 10 18:08:11 CEST 2014


On Thu, Apr 10, 2014 at 05:35:39PM +0200, Jan Lühr wrote:

> since tinc depends on OpenSSL (at least in Debian):
> 
> -> In what way does CVE-2014-0160 impact tinc?

Tinc does not use the SSL or TLS protocol, so it is not affected at all by the
Heartbleed bug.

> -> Does tinc use PFS?

Not in tinc 1.0.x, but in 1.1 when the new protocol is enabled.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140410/ca97f163/attachment.sig>


More information about the tinc mailing list