oss-sec mailing list archives
Re: Being vulnerable to POODLE
From: Sevan Janiyan <venture37 () geeklan co uk>
Date: Tue, 29 Dec 2015 12:43:32 +0000
On 28/12/2015 17:22, Florian Weimer wrote:
Yes, this is what my meant, the documented SSL_OP_ALL setting is not really safe. But this is a different vulnerability from POODLE.
Understood. Should I request a CVE for the use of SSL_OP_ALL which enables SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS or use an existing CVE? (CVE-2011-3389?) Sevan
Current thread:
- Being vulnerable to POODLE Sevan Janiyan (Dec 26)
- Re: Being vulnerable to POODLE gremlin (Dec 26)
- Re: Being vulnerable to POODLE Gsunde Orangen (Dec 26)
- Re: Being vulnerable to POODLE Sevan Janiyan (Dec 26)
- Re: Being vulnerable to POODLE Gsunde Orangen (Dec 26)
- Re: Being vulnerable to POODLE Florian Weimer (Dec 28)
- Re: Being vulnerable to POODLE Sevan Janiyan (Dec 28)
- Re: Being vulnerable to POODLE Florian Weimer (Dec 28)
- Re: Being vulnerable to POODLE Sevan Janiyan (Dec 29)
- Re: Being vulnerable to POODLE Sevan Janiyan (Dec 28)
- Re: Being vulnerable to POODLE gremlin (Dec 26)