Topic: wolfSSL and CyaSSL Users SAFE from Heartbleed Bug

A recently-discovered bug in OpenSSL’s implementation of the TLS Heartbeat Extension makes it possible for malicious attackers to potentially recover the private keys and sensitive data that should normally be secured by SSL/TLS. The vulnerability has been recorded as CVE-2014-0160.

We want to assure our users and customers that CyaSSL and wolfSSL products are NOT affected by the Heartbleed bug in any way.  This was a bug specific to OpenSSL’s implementation of the TLS Heartbeat Extension (RFC6520: https://tools.ietf.org/html/rfc6520).  This bug existed in OpenSSL for over two years, with vulnerable versions including OpenSSL 1.0.1 - 1.0.1f (inclusive).

Interested parties can learn more about this bug in OpenSSL at the following links:

http://heartbleed.com/
https://www.openssl.org/news/secadv_20140407.txt
https://cve.mitre.org/cgi-bin/cvename.c … -2014-0160

For additional information or questions about CyaSSL, please contact us at info@wolfssl.com.