Hi, > And there's no way to ask OpenSSL if it's vulnerable to the heartbeat attack. well, there is.... 'give me more information back than I should receive' (ie put the exploit into your code ;-) ) alan