Heartbleed vulnerability (OpenSSL CVE-2014-0160)

Vulnerability CVE-2014-0160, also known as Heartbleed, is considered one of the biggest security failures on the internet to date.

It is one of the most critical vulnerabilities in the OpenSSL package. To understand the impact of this vulnerability, it is necessary to understand the operation of the "HeartBeat" extension, which has been a central element in the operation of OpenSSL, since it allows us improve the performance of clients and servers that use an encrypted channel, such as SSL.

To establish an SSL connection with a server, a process called "HandShake" has to be completed, consisting of the exchange of symmetric and asymmetric keys for establishing the encrypted connection between ...

Get Mastering Python for Networking and Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.