I've also added these into the wiki at http://wiki.openssl.org/index.php/SECADV_20140605 - so that others looking back through the issues can find a handy reference to the additional information from various locations - the link at http://wiki.openssl.org/index.php/Security_Advisories basically notes when there is additional information available beyond the advisory details for a given issue.
If there are other useful references to this item or to other items in the security vulnerability announcement then updating the wiki to note them there would be helpful. Thanks, Tim. On 6/06/2014 9:42 AM, Jeffrey Walton wrote: > On Thu, Jun 5, 2014 at 4:49 PM, Salz, Rich <rs...@akamai.com> wrote: >>> Can anyone explain the vulnerability? >> A handful of links >> >> Here's the timeline, a public document: >> https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs >> >> And this blog entry from the guy who found the bug. BTW, it's 16 years old. >> >> http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html >> >> Adam Langley's writeup full of technical and protocol details >> https://www.imperialviolet.org/2014/06/05/earlyccs.html >> > Thanks Rich. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org