Please assess the effects of openssl heartbleed bug on the wallet security #4021

issue jfkirkley opened this issue on April 8, 2014
  1. jfkirkley commented at 3:14 AM on April 8, 2014: none

    Details of the bug are hear: http://heartbleed.com/

    Does the wallet use the heartbeat facility of openssl? Is it vulnerable?

  2. jfkirkley renamed this:
    Please access the effects of openssl heartbleed bug on the wallet security
    Please assess the effects of openssl heartbleed bug on the wallet security
    on Apr 8, 2014
  3. laanwj commented at 8:34 AM on April 8, 2014: member

    The vulnerability does not affect the bitcoin protocol or wallet. It may affect auxilary usage of TLS in RPC-over-SSL and when fetching payment requests over HTTPS.

    Not a big deal, but we are going to release a 0.9.1 that updates OpenSSL (see pull #4023 if you want to test) and fixes some other minor issues from 0.9.0.

  4. jfkirkley commented at 12:26 PM on April 8, 2014: none

    Thank you for the analysis. I will definitely do the upgrade.

  5. brossi cross-referenced this on Apr 9, 2014 from issue Updates for OpenSSL by brossi
  6. laanwj closed this on May 2, 2014
  7. laanwj commented at 7:26 AM on May 2, 2014: member

    0.9.1 has been released with a new version of OpenSSL a while ago - this issue can be closed.

  8. bitcoin locked this on Sep 8, 2021
Contributors
jfkirkleylaanwj
Linked (view graph)
#4023 gitian: upgrade openssl to 1.0.1g for both win and linux
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-20 06:55 UTC