[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Being vulnerable to POODLE
From: Sevan Janiyan <venture37 () geeklan ! co ! uk>
Date: 2015-12-29 12:43:32
Message-ID: 56827FF4.4020607 () geeklan ! co ! uk
[Download RAW message or body]
On 28/12/2015 17:22, Florian Weimer wrote:
> Yes, this is what my meant, the documented SSL_OP_ALL setting is not
> really safe. But this is a different vulnerability from POODLE.
Understood.
Should I request a CVE for the use of SSL_OP_ALL which enables
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS or use an existing CVE? (CVE-2011-3389?)
Sevan
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic