FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Heartbleed bug?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Heartbleed bug? [message #185550 is a reply to message #185541] Thu, 10 April 2014 20:54 Go to previous messageGo to previous message
Arno Welzel is currently offline  Arno Welzel
Messages: 317
Registered: October 2011
Karma:
Senior Member
Jerry Stuckle, 2014-04-10 13:52:

> On 4/10/2014 2:51 AM, Arno Welzel wrote:
>> Jerry Stuckle, 2014-04-09 19:37:
>>
>>> On 4/9/2014 11:43 AM, Christoph Michael Becker wrote:
>> [...]
>>>> ACK. However, the Windows x86 builds of PHP 5.5.11 shipped OpenSSL
>>>> 1.0.1f (6 Jan 2014) and have been updated to ship OpenSSL 1.0.1g (7 Apr
>>>> 2014) just a few hours ago. (The x64 builds are currently being worked
>>>> on.) So obviously PHP's OpenSSL extension is affected by the
>>>> "heartbleed" bug (at least on Windows).
>>>>
>>>
>>> Does it? Or does it mean they just want to keep up with the latest
>>> release? And if it does affect PHP, what functions does it affect, and
>>> how does it affect them?
>>
>> I assume PHP does keep up with the latest release because they *are*
>> affected by the bug e.g. in stream_socket_enable_crypto().
>>
>>
>
> You can ASS-U-ME all you want. I go by the facts. And if I were

Oh you are so funny...

> concerned about PHP being involved, I would ask the OpenSSL people.

The fact is, that stream_socket_enable_crypto() allows to build a server
which listens on a socket to accept incoming SSL/TLS connections and
uses OpenSSL for this.

OpenSSL up to 1.0.1f has a now well known vulnerability for that use case.

Ask who ever you want. If you got the answers that prove all this wrong,
do the rest of us a favour and tell us.



--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
http://fahrradzukunft.de
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: cURL and response code 302
Next Topic: PHP Parse error: syntax error, unexpected '$sql' (T_VARIABLE) in
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 13:10:03 GMT 2024

Total time taken to generate the page: 0.03988 seconds