Now I understand the concept. Until now I was assuming that the attacker would send only the heartbeat request without performing any SSL handshake messages.
I was wrong. The attacker will establish a new connection and send all the handshake messages and then the faked heartbeat request.

--
View this message in context: http://openssl.6102.n7.nabble.com/Heart-bleed-with-0-9-8-and-1-0-1-tp49300p49425.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.