In article <1483A20E-66B7-4ECC-8C14-34DE4B24BA33 at gmail.com>, Markus Falb <wnefal at gmail.com> wrote: > > > No vulnerability on the > > server can expose a private client certificate, only a vulnerability on > > the client can. > > With malicious server I did not meant one that was affected > by heartbleed but a server which is run by bad people that want to exploit > vulnerable clients. > > If it's easy to write a malicious client to read the server's ram, it's maybe easy to > write a malicious server that can read the client's ram? Does heartbleed work > in both directions? > > Assume that the client uses a vulnerable openssl, and it connects to a malicious > server, can the server read the ram of the client? https://reverseheartbleed.com/ Cheers Tony -- Tony Mountifield Work: tony at softins.co.uk - http://www.softins.co.uk Play: tony at mountifield.org - http://tony.mountifield.org