[gnutls-devel] An (historical) heartbeat.c issue more relevant to Heartbleed
peter.dettman at bouncycastle.org
Sat Apr 12 09:40:18 CEST 2014
On 12/04/2014 2:00 PM, Nikos Mavrogiannopoulos wrote:
> So it seems that these versions of gnutls are usable/broken in respect
> to heartbeats, and if anyone would have used this broken version of
> gnutls to debug openssl heartbeats he may have uncovered the bug :)
> regards, Nikos
Yes, I did have the same thought, but left it out of my post, which was
already in danger of sounding accusatory.
I got as far as implementing the structures from RFC 6520 in
BouncyCastle, in late June of last year, but never got around to
actually implementing the protocol. I certainly would have tested
against openssl (as usual), but would I have "asked the right questions"?
More information about the Gnutls-devel