No, Heartbleed was a protocol specification error, where if you implemented what the spec
said you automatically produced a security bug.
paul
On Jan 11, 2022, at 3:02 PM, Jonathan Katz via cctalk
<cctalk at classiccmp.org> wrote:
Heartbleed?
On Tue, 11 Jan 2022 at 20:00, Hauke Fath via cctalk <cctalk at classiccmp.org>
wrote:
On Mon, 10 Jan 2022 22:04:33 -0800, Stan Sieler via cctalk wrote:
It may have been that either the routine wasn't getting called when it
should, or that the programmer misinterpreted what the return value
meant.
The Debian 4 OpenSSL disaster comes to mind, where IIRC a know-it-all
package manager beautified the source and reduced the effective length
of any generated keys to 32 bit. But that was more like 15 yrs ago...
Cheerio,
Hauke
--
Hauke Fath <hauke at Espresso.Rhein-Neckar.DE>
Linn?weg 7
64342 Seeheim-Jugenheim
Germany
--
-Jon
+44 7792 149029