Hi Thomas,

Thanks for the details. Is there any openssl version that has the fix for this? 
It seems from the openssl site they have pointed out that the fix was in the 0.9.8zc version. 
How to overcome this issue? 

Thanks,
Kannan Narayanasamy.

-----Original Message-----
From: Tomas Hoger [mailto:[email protected]] 
Sent: Thursday, January 29, 2015 8:31 PM
To: Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)
Cc: [email protected]
Subject: Re: [openssl-dev] Poodle Vulnerable

On Thu, 29 Jan 2015 06:33:13 +0000 Kannan Narayanasamy -X (kannanar - HCL 
TECHNOLOGIES LIMITED at Cisco) wrote:

> For the poodle vulnerability we have upgraded openssl to the 0.9.8zc 
> version. But the result still shows as vulnerable. (downloaded poodle.sh 
> script from the link https://access.redhat.com/articles/1232123 to
> verify)

The script checks if a target server has SSL 3.0 enabled, i.e. the PO part of 
POODLE.  OpenSSL 0.9.8zc does not address that; it adds a feature 
(TLS_FALLBACK_SCSV) to help mitigate/block the DLE part.  The script does not 
attempt to check if the server implements this fallback protection.

--
Tomas Hoger
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
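
The reply above notes that the script does not test for fallback protection. The following is an added example, not part of the thread or of OpenSSL, showing what such a check looks like on the wire: it offers a deliberately low protocol version together with the TLS_FALLBACK_SCSV cipher suite value and reads the server's first record. The function names and the offered cipher suites are assumptions; the constants are from RFC 7507.

```python
import os
import socket
import struct

TLS_FALLBACK_SCSV = 0x5600          # signalling cipher suite value, RFC 7507
ALERT_INAPPROPRIATE_FALLBACK = 86   # alert a protected server sends, RFC 7507

def build_fallback_client_hello(version=(3, 1), suites=(0x002F, 0x0035)):
    """ClientHello offering a low version (default TLS 1.0) plus the SCSV."""
    suite_bytes = b"".join(struct.pack("!H", s)
                           for s in (*suites, TLS_FALLBACK_SCSV))
    body = (bytes(version) + os.urandom(32)       # client_version, random
            + b"\x00"                             # empty session_id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00")                        # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return (b"\x16" + bytes(version)
            + struct.pack("!H", len(handshake)) + handshake)

def classify_response(data):
    """Interpret the first TLS record of the server's reply."""
    if len(data) < 6:
        return "no-tls-response"
    ctype = data[0]
    length = struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + length]
    if ctype == 0x15 and len(payload) >= 2:       # alert: level, description
        if payload[1] == ALERT_INAPPROPRIATE_FALLBACK:
            return "fallback-protection-present"
        return "other-alert-%d" % payload[1]
    if ctype == 0x16 and payload[:1] == b"\x02":  # ServerHello
        # Either the SCSV is ignored, or the offered version is already
        # the highest the server supports (no fallback to reject).
        return "handshake-continued"
    return "unexpected-record"

def probe(host, port=443, timeout=5.0):
    """Send the hello to a server you administer and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_fallback_client_hello())
        return classify_response(s.recv(4096))
```

A "handshake-continued" result is only meaningful when the server is known to support a version higher than the one offered; whether SSL 3.0 itself is enabled is a separate check, which is what the script in the thread tests.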