TOC Test

a b

c prog


-- HarlanStenn - 02 Apr 2011

NTP and CVE-2014-0160 (the OpenSSL "Heartbleed" bug)

Harlan Stenn, Fri, 11 Apr 2014

On 7 Apr 2014 the OpenSSL project ( disclosed CVE-2014-0160, a very serious security flaw in an OpenSSL library often referred to as the "Heartbleed" bug. This flaw is present in versions 1.0.1 and 1.0.2-beta (including OpenSSL 1.0.1f and 1.0.2-beta1).

Since NTP can be linked against the OpenSSL libraries, we've been asked if this vulnerability is a potential issue for NTP.

If NTP is linked against the OpenSSL libraries, the only use of them is to provide digital signature support. Since the vulnerabilities of CVE-2014-0160 are in parts of the OpenSSL libraries that are not used by NTP, NTP is NOT at risk from CVE-2014-0160.

Harlan Stenn
NTP Project
Network Time Foundation

LinkedIn logos

!LinkedIn NTP Project at LinkedIn

-- HarlanStenn - 2011-01-29

Topic attachments
I Attachment Action Size Date Who Comment
pngpng LinkedIn_Logo16px.png manage 0.7 K 2011-01-29 - 02:03 HarlanStenn LinkedIn 16px logo
pngpng LinkedIn_Logo30px.png manage 1.4 K 2011-01-29 - 02:04 HarlanStenn LinkedIn 30px logo
pngpng LinkedIn_Logo60px.png manage 2.5 K 2011-01-29 - 02:05 HarlanStenn LinkedIn 60px logo

This topic: Sandbox > TestTopic7
Topic revision: r3 - 2014-04-12 - 07:55:38 - HarlanStenn
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback