JeffBeall
asked on
heartbleed
so for this heartbleed problem with ssl - would it help protect you if you are using a vpn to connect to a ssl site that might be compromised?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if your VPN is not based on the same SSL library, it should help. but anyway, exploiting this vulnerability to hijack somebody else's session on a website requires to be actually able to sniff the corresponding traffic in the first place. why do you think you are concerned ? are we talking about https or something else ?
The heatbeat is only active starting with TLS 1.1. I doubt that is an issue with VPN itself.
why ? all openssl-based vpns in the world use other ssl versions ?
i hardly believe heartbleed is an issue at all for anybody here, but then i guess i'm not the one to decide who is concerned
btw, you can disable heartbeat at compile time
i hardly believe heartbleed is an issue at all for anybody here, but then i guess i'm not the one to decide who is concerned
btw, you can disable heartbeat at compile time
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thank you.
VPN protects you from getting sniffed, but does vpn really go from you computer to the server where it is decrypted? Or do you use vpn to an endpoint at some different location?
I doubt there are vpn solutions that terminate at a server that is also hosting a website you want to access, in that way one has to use independent vpn solutions for all affected hosts one needs to use.