What is heartbleed? Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet'sTransport Layer Security(TLS) protocol. This vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension.A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. At that time, some 17 percent (around half a million) of the Internet's secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers'private keysand users'session cookies and passwords.