oss-sec mailing list archives

RE: Truly scary SSL 3.0 vuln to be revealed soon:

From: Sona Sarmadi <sona.sarmadi () enea com>
Date: Thu, 16 Oct 2014 16:42:10 +0000

Hanno Böck wrote:

It's out:

https://www.openssl.org/~bodo/ssl-poodle.pdf
http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-

exploiting-ssl-30.html


OpenSSL has patches for this and 3 other vulnerabilities: 

   https://www.openssl.org/news/secadv_20141015.txt

GnuTLS also implements the SSLv3 protocol, does anyone know if there are any  patches for GnuTLS for the SSL 3.0 
protocol vulnerability? 

-- Sona

Current thread:

Re: SSL POODLE, (continued)
- - - Re: SSL POODLE Hanno Böck (Oct 15)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
    - RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 15)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer (Oct 14)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: mancha (Oct 14)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Krassimir Tzvetanov (Oct 14)
  - Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer (Oct 15)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Ben Lincoln (0E1C7DBB - OSS) (Oct 15)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 15)
  - Re: Truly scary SSL 3.0 vuln to be revealed soon: ishish (Oct 16)
    - RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 16)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Daniel Kahn Gillmor (Oct 17)
    - neuter the poodle (was: Re: Truly scary SSL 3.0 vuln to be revealed soon:) mancha (Oct 17)
    - Re: neuter the poodle (was: Re: Truly scary SSL 3.0 vuln to be revealed soon:) Nikos Mavrogiannopoulos (Oct 18)
    - Re: Re: neuter the poodle mancha (Oct 18)
    - Re: Re: neuter the poodle Nikos Mavrogiannopoulos (Oct 18)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Mark Felder (Oct 17)