Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 29 Dec 2015 12:43:32 +0000
From: Sevan Janiyan <venture37@...klan.co.uk>
To: oss-security@...ts.openwall.com
Subject: Re: Being vulnerable to POODLE


On 28/12/2015 17:22, Florian Weimer wrote:
> Yes, this is what my meant, the documented SSL_OP_ALL setting is not
> really safe.  But this is a different vulnerability from POODLE.

Understood.
Should I request a CVE for the use of SSL_OP_ALL which enables
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS or use an existing CVE? (CVE-2011-3389?)


Sevan

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ