Date: Mon, 28 Dec 2015 15:32:40 +0100 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: Being vulnerable to POODLE On 12/26/2015 08:28 AM, Sevan Janiyan wrote: > It turns out that CoovaChilli is vulnerable to POODLE & I'd like to >  http://coova.github.io/CoovaChilli/ How so? With some OpenSSL versions, it disables the 0/n split to mitigate a *different* CBC vulnerability in TLS 1.0, and the client code explicitly prevents OpenSSL from using TLS 1.1 and later. Florian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ