Heartbleed attack on Openssl

Robert J. Hansen rjh at sixdemonbag.org
Thu Apr 10 01:42:24 CEST 2014

> Chromium (from which chrome is based) actually embeds a copy of openssl,
> but doesn't use it for its TLS implementation, which is where the bug
> would be triggered.  (i'm not sure why they do this embedding actually,
> i haven't reviewed it).

I have heard that Chrome is migrating to OpenSSL instead of Mozilla's
NSS libraries; it's possible Chromium is a testbed.  Speculation on my
part, though.

More information about the Gnupg-users mailing list