git:// links no longer work, refer to the https:// one.

[wiki] / news / heartbleed.mdwn

[[!meta author="guus"]]

Tinc is *not vulnerable* to the Heartbleed bug.

The [Heartbleed bug](http://heartbleed.com/)
([CVE-2014-0160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160))
is a bug in the [OpenSSL](https://en.wikipedia.org/wiki/Openssl) library that
affects any application that is linked to it and is making or accepting TLS
connections. Although tinc links to the OpenSSL library, it does not use the
TLS protocol, and is therefore not vulnerable.