[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Being vulnerable to POODLE
From:       Sevan Janiyan <venture37 () geeklan ! co ! uk>
Date:       2015-12-29 12:43:32
Message-ID: 56827FF4.4020607 () geeklan ! co ! uk
[Download RAW message or body]


On 28/12/2015 17:22, Florian Weimer wrote:
> Yes, this is what my meant, the documented SSL_OP_ALL setting is not
> really safe.  But this is a different vulnerability from POODLE.

Understood.
Should I request a CVE for the use of SSL_OP_ALL which enables
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS or use an existing CVE? (CVE-2011-3389?)


Sevan
[prev in list] [next in list] [prev in thread] [next in thread]