Hello,

I have a question about the following statement in advisory notice http://www.openssl.org/news/secadv_20140605.txt regarding CVE-2014-0198:

"This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common."

I am using OpenSSL 1.0.1g, where SSL_MODE_RELEASE_BUFFERS is defined in ssl.h:

    #define SSL_MODE_RELEASE_BUFFERS 0x00000010L

Is this not the default value? If it is, then the macro is enabled? Please let me know what I'm missing.

Many thanks in advance,
Reyes