So,.. word is out, it's another padding oracle attack combined with SSLv3 downgrade. Pretty much what I was expecting:
http://googleonlinesecurity.blogspot.ru/2014/10/this-poodle-bites-exploiting-ssl-30.html https://www.openssl.org/~bodo/ssl-poodle.pdf Quote: ``` In the coming months, we hope to remove support for SSL 3.0 completely from our client products. ``` Well,.. Google seems to agree with my sentiment :) Aaron
signature.asc
Description: Digital signature
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
