OpenSSL leaks server-Keys / The Heartbleed Bug

mex nginx-forum at nginx.us
Tue Apr 8 10:50:33 UTC 2014


A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.


https://www.openssl.org/news/secadv_20140407.txt
http://heartbleed.com/
http://www.reddit.com/r/netsec/comments/22gym6/diagnosis_of_the_openssl_heartbleed_bug/
http://security.stackexchange.com/search?q=heartbleed


regards,


mex

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249102,249102#msg-249102



More information about the nginx mailing list