Mention that tinc is not vulnerable to the Heartbleed bug.

author Guus Sliepen <guus@tinc-vpn.org>

Thu, 10 Apr 2014 18:00:09 +0000 (20:00 +0200)

committer Guus Sliepen <guus@tinc-vpn.org>

Thu, 10 Apr 2014 18:00:09 +0000 (20:00 +0200)
author Guus Sliepen <guus@tinc-vpn.org>
Thu, 10 Apr 2014 18:00:09 +0000 (20:00 +0200)
committer Guus Sliepen <guus@tinc-vpn.org>
Thu, 10 Apr 2014 18:00:09 +0000 (20:00 +0200)
diff --git a/news/heartbleed.mdwn b/news/heartbleed.mdwn

new file mode 100644 (file)

index 0000000..2b47f42
--- /dev/null
+++ b/news/heartbleed.mdwn
@@ -0,0 +1,10 @@
+[[!meta author="guus"]]
+
+Tinc is *not vulnerable* to the Heartbleed bug.
+
+The [Hearbleed bug](http://heartbleed.com/)
+([CVE-2014-0160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160))
+is a bug in the [OpenSSL](https://en.wikipedia.org/wiki/Openssl) library that
+affects any application which is linked to it and is making or accepting TLS
+connections. Although tinc links to the OpenSSL library, it does not use the
+TLS protocol, and is therefore not vulnerable.
author	Guus Sliepen <guus@tinc-vpn.org>
	Thu, 10 Apr 2014 18:00:09 +0000 (20:00 +0200)
committer	Guus Sliepen <guus@tinc-vpn.org>
	Thu, 10 Apr 2014 18:00:09 +0000 (20:00 +0200)