[langsec-discuss] cross-posting a bit on Heartbleed
daira at jacaranda.org
Sat Apr 12 17:44:40 UTC 2014
On 11/04/14 16:40, William Sargent wrote:
>> Actually the protocol *did* specify that:
>> # If the payload_length of a received HeartbeatMessage is too large,
>> # the received HeartbeatMessage MUST be discarded silently.
> There is a formally verified version of TLS, miTLS. I’d be curious to see how it measures
> up against the attack tools.
miTLS does not support the heartbeat extension, and so is not vulnerable.
(The only extension it supports is renegotiation_info.)
Daira Hopwood ⚥
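
The length rule quoted at the top of this message, as an added C example (not part of the original post, and not code from OpenSSL or miTLS): a receiver-side check that discards a HeartbeatMessage whose payload_length claims more than the record actually carries. The names `hb_parse`, `HB_OK` and `HB_DISCARD` are hypothetical; the layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) is the one defined in RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 6520 layout: type(1) | payload_length(2, big-endian) | payload | padding(>=16) */
#define HB_HEADER_LEN  3u
#define HB_MIN_PADDING 16u

enum hb_result { HB_OK = 0, HB_DISCARD = -1 };

/*
 * Hypothetical helper: validate one received HeartbeatMessage.
 * rec/rec_len describe the record body that was actually received.
 * On HB_OK, *payload points into rec and *payload_len is safe to echo back.
 * On HB_DISCARD the caller drops the message silently (no alert, no reply).
 */
enum hb_result hb_parse(const uint8_t *rec, size_t rec_len,
                        const uint8_t **payload, size_t *payload_len)
{
    size_t claimed;

    if (rec == NULL || payload == NULL || payload_len == NULL)
        return HB_DISCARD;

    /* Too short to hold even an empty payload plus the minimum padding. */
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_DISCARD;

    /* Peer-controlled length field: never used before it is bounded. */
    claimed = ((size_t)rec[1] << 8) | rec[2];

    /* Bound includes the padding; subtraction form cannot wrap here. */
    if (claimed > rec_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return HB_DISCARD;

    *payload = rec + HB_HEADER_LEN;
    *payload_len = claimed;
    return HB_OK;
}

int main(void)
{
    /* Constructed samples: 3-byte header + 4-byte payload + 16 bytes padding. */
    uint8_t honest[23] = { 1, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t lying[23]  = { 1, 0x40, 0x00, 'p', 'i', 'n', 'g' }; /* claims 16384 */
    const uint8_t *p; size_t n;
    return (hb_parse(honest, sizeof honest, &p, &n) == HB_OK &&
            hb_parse(lying, sizeof lying, &p, &n) == HB_DISCARD) ? 0 : 1;
}
```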