[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Heartbleed and TOR

Since I am neither an expert on OpenSSL nor TOR, let's get one question out of the way before anything further is said on the topic: Does TOR actually use potentially vulnerable versions of OpenSSL (or use it at all, for that matter)?

If so, then it *could* pose a risk to TOR (until and unless the version of OpenSSL that TOR uses is patched). If NOT, then this bug does not affect TOR.

In any event, the BEST places to get information on OpenSSL and the Heartbleed bug are the official Heartbleed web site, and the OpenSSL mailing lists.

From what I have read, the bug is a server side bug, and does not pose much risk to regular users (aside from the risk that your user names, passwords and other information in the RAM of servers that you have used in the past 2 years or so *MAY* have been compromised - though there are many other ways your information could be compromised).
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to