From 291b7b7d8d51993c6a6cfcd8e464c96555b04323 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 10 Apr 2014 20:00:09 +0200 Subject: [PATCH] Mention that tinc is not vulnerable to the Heartbleed bug. --- news/heartbleed.mdwn | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 news/heartbleed.mdwn diff --git a/news/heartbleed.mdwn b/news/heartbleed.mdwn new file mode 100644 index 0000000..2b47f42 --- /dev/null +++ b/news/heartbleed.mdwn @@ -0,0 +1,10 @@ +[[!meta author="guus"]] + +Tinc is *not vulnerable* to the Heartbleed bug. + +The [Hearbleed bug](http://heartbleed.com/) +([CVE-2014-0160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160)) +is a bug in the [OpenSSL](https://en.wikipedia.org/wiki/Openssl) library that +affects any application which is linked to it and is making or accepting TLS +connections. Although tinc links to the OpenSSL library, it does not use the +TLS protocol, and is therefore not vulnerable. -- 2.20.1