On 12-12-2014 21:31, Jeffrey Walton wrote:
On Fri, Dec 12, 2014 at 5:23 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 09/12/2014 21:46, Jeffrey Walton wrote:
On Tue, Dec 9, 2014 at 2:07 PM, Amarendra Godbole
amarendra.godb...@gmail.com wrote:
So Adam Langley writes SSLv3 decoding function
On 09/12/2014 21:46, Jeffrey Walton wrote:
On Tue, Dec 9, 2014 at 2:07 PM, Amarendra Godbole
amarendra.godb...@gmail.com wrote:
So Adam Langley writes SSLv3 decoding function was used with TLS,
then the POODLE attack would work, even against TLS connections. on
his the latest POODLE affecting
On Fri, Dec 12, 2014 at 5:23 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 09/12/2014 21:46, Jeffrey Walton wrote:
On Tue, Dec 9, 2014 at 2:07 PM, Amarendra Godbole
amarendra.godb...@gmail.com wrote:
So Adam Langley writes SSLv3 decoding function was used with TLS,
then the POODLE attack
So Adam Langley writes SSLv3 decoding function was used with TLS,
then the POODLE attack would work, even against TLS connections. on
his the latest POODLE affecting TLS 1.x.
(https://www.imperialviolet.org/).
I also received a notification from Symantec's DeepSight, that states:
OpenSSL
I also received a notification from Symantec's DeepSight, that states:
OpenSSL CVE-2014-8730 Man In The Middle Information Disclosure
Vulnerability.
Did Symantic really label it an OpenSSL CVE? That's wrong.
OpenSSL does not have this defect.
/r$
...@openssl.org] On Behalf Of
Salz, Rich
Sent: Wednesday, December 10, 2014 12:56 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] CVE-2014- and OpenSSL?
I also received a notification from Symantec's DeepSight, that states:
OpenSSL CVE-2014-8730 Man In The Middle Information
Does this mean that openssl is not vulnerable to this issue even if TLS
1.0/TLS 1.1 are enabled?
Are all versions of openssl (0.9.8* and 1.0.1*) free from impact?
OpenSSL does not have this defect.
___
openssl-users mailing list
Hi Rich,
do we have some formal announcement that openssl is not vulnerable for
POODLE in TLS? or can you explain why Openssl is not affected? if
symantec is issuing notification like that, i guess, a lot of management
will demand explanations. Thanks,
Thanks,
Arthur
On Tue, Dec 9, 2014 at
On Tue, Dec 9, 2014 at 2:07 PM, Amarendra Godbole
amarendra.godb...@gmail.com wrote:
So Adam Langley writes SSLv3 decoding function was used with TLS,
then the POODLE attack would work, even against TLS connections. on
his the latest POODLE affecting TLS 1.x.
(https://www.imperialviolet.org/).
Ask Symantec why they labeled it as an openssl CVE; it is not. Read AGL’s blog
post[1]. Two specific implementations are identified and a different crypto
library (NSS) is implicated.
This is about as formal a statement as you’re going to get. ☺
[1]
On Tue, Dec 9, 2014 at 11:26 AM, Salz, Rich rs...@akamai.com wrote:
I also received a notification from Symantec's DeepSight, that states:
OpenSSL CVE-2014-8730 Man In The Middle Information Disclosure
Vulnerability.
Did Symantic really label it an OpenSSL CVE? That's wrong.
OpenSSL does
On 09/12/14 20:30, Arthur Tsang wrote:
Hi Rich,
do we have some formal announcement that openssl is not vulnerable for
POODLE in TLS? or can you explain why Openssl is not affected? if
symantec is issuing notification like that, i guess, a lot of
management will demand explanations.
thanks for the clarification.
On Tue, Dec 9, 2014 at 1:00 PM, Matt Caswell m...@openssl.org wrote:
On 09/12/14 20:30, Arthur Tsang wrote:
Hi Rich,
do we have some formal announcement that openssl is not vulnerable for
POODLE in TLS? or can you explain why Openssl is not affected? if
13 matches
Mail list logo