Although clients are at risk, the vast majority of browsers do NOT use OpenSSL None of IE, Chrome, Firefox or Safari use OpenSSL, with the possible exception being on Android devices. Clients such as wget and curl will likely be vulnerable, but the impact is small - there isn't going to be much in memory that isn't already being sent to the remote server anyway. There's certainly some clients such as mail servers (when connecting to another mail server) where it's an issue, but in most cases those will be covered under the "server" category anyway. But yeah, point remains - update everywhere, even where you're not running TLS servers! Scott On Thu, Apr 10, 2014 at 3:06 PM, Juha Saarinen <juha(a)saarinen.org> wrote:
Morning. Just saw this:
http://vrt-blog.snort.org/2014/04/heartbleed-continued-openssl-client.html
Which I thought might be useful to know.
-- Juha Saarinen twitter: juhasaarinen <http://twitter.com/juhasaarinen>
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog