In article <1483a20e-66b7-4ecc-8c14-34de4b24b...@gmail.com>, Markus Falb <wne...@gmail.com> wrote: > > > No vulnerability on the > > server can expose a private client certificate, only a vulnerability on > > the client can. > > With malicious server I did not meant one that was affected > by heartbleed but a server which is run by bad people that want to exploit > vulnerable clients. > > If it's easy to write a malicious client to read the server's ram, it's maybe > easy to > write a malicious server that can read the client's ram? Does heartbleed work > in both directions? > > Assume that the client uses a vulnerable openssl, and it connects to a > malicious > server, can the server read the ram of the client?
https://reverseheartbleed.com/ Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
