Date: Tue, 29 Dec 2015 12:43:32 +0000 From: Sevan Janiyan <venture37@...klan.co.uk> To: oss-security@...ts.openwall.com Subject: Re: Being vulnerable to POODLE On 28/12/2015 17:22, Florian Weimer wrote: > Yes, this is what my meant, the documented SSL_OP_ALL setting is not > really safe. But this is a different vulnerability from POODLE. Understood. Should I request a CVE for the use of SSL_OP_ALL which enables SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS or use an existing CVE? (CVE-2011-3389?) Sevan
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ