Yes, your client is vulnerable. Which ip to connect to is governed by your application, and IP addresses can be falsified, so it is very much possible your client connects to a malicious server.
-ag -- sent via 100% recycled electrons from my mobile command center. > On Apr 11, 2014, at 8:32 AM, cvishnuid <cvishn...@gmail.com> wrote: > > Hi I am having 0.9.8 open ssl libraries in my server and 1.0.1 in my client. > Am I venerable to heart bleed attach? Regards, Vishnu. > View this message in context: Heart bleed with 0.9.8 and 1.0.1 > Sent from the OpenSSL - User mailing list archive at Nabble.com.