Post Reply 
Heartlbleed?
Jun. 04, 2014, 05:18 PM
Post: #1
Heartlbleed?
Hello,

I see that proxomitron use OpenSSL, isn't it vulnerable to heartbleed?
Add Thank You Quote this message in a reply
Jun. 04, 2014, 09:53 PM
Post: #2
RE: Heartlbleed?
Welcome,

(Jun. 04, 2014 05:18 PM)talker Wrote:  Hello,

I see that proxomitron use OpenSSL, isn't it vulnerable to heartbleed?

No. The Proxomitron uses an old version of OpenSSL.

From your posted link

wikipedia Wrote:The affected versions of OpenSSL are OpenSSL 1.0.1 through 1.0.1f (inclusive).

You should always be aware and cautious, however.

HTH
Add Thank You Quote this message in a reply
Jun. 05, 2014, 04:01 PM
Post: #3
RE: Heartlbleed?
Right, I forgot that the old versions of Openssl are unaffected.

But, maybe I'll try proxhttproxy instead ?
Add Thank You Quote this message in a reply
Jun. 06, 2014, 02:33 AM
Post: #4
RE: Heartlbleed?
(Jun. 05, 2014 04:01 PM)talker Wrote:  But, maybe I'll try proxhttproxy instead ?

ProxHTTPSProxy intended purpose is to hide the Proxomitron's HTTPS filtering. ProxHTTPSProxy is used with another proxy not instead of.

ProxHTTPSProxy0.4b does not validate the SSL connection.

ProxHTTPSProxy0.6a can validate the connection using current OpenSSL routines that are supposed to be "heartbleed" free.

HTH
Add Thank You Quote this message in a reply
Jun. 06, 2014, 08:17 PM
Post: #5
RE: Heartlbleed?
I didn't mean "use proxhttpsproxy instead of proxomitron", I meant "install proxhttpsproxy instead of installing the ssl files of sidki."

Regards.
Add Thank You Quote this message in a reply
Jun. 07, 2014, 04:33 AM
Post: #6
RE: Heartlbleed?
(Jun. 06, 2014 08:17 PM)talker Wrote:  I meant "install proxhttpsproxy instead of installing the ssl files of sidki."

ATM, I think it depends on you and your needs.

The Proxomitron's ssl routine's alerts due to its inability to understand current ssl options and the browser's alerts about the Proxomitron will probably cause you to disable the alerts from both. The routine's encryption is dated.

However, ProxHTTPSProxy does not yet provide for or allow all of the Proxomitron's features. It complicates things and may make them harder to understand but its ssl routine is current.

You could use both.
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: