Yes, your client is vulnerable. Which ip to connect to is governed by your 
application, and IP addresses can be falsified, so it is very much possible 
your client connects to a malicious server.

-ag

--
sent via 100% recycled electrons from my mobile command center.

> On Apr 11, 2014, at 8:32 AM, cvishnuid <cvishn...@gmail.com> wrote:
> 
> Hi I am having 0.9.8 open ssl libraries in my server and 1.0.1 in my client. 
> Am I venerable to heart bleed attach? Regards, Vishnu. 
> View this message in context: Heart bleed with 0.9.8 and 1.0.1
> Sent from the OpenSSL - User mailing list archive at Nabble.com.

Reply via email to