[openssl-users] Forthcoming OpenSSL release
Matt Caswell
matt at openssl.org
Thu Feb 16 23:11:02 UTC 2017
On 16/02/17 19:54, Nounou Dadoun wrote:
> Sorry I haven't been following the discussion on this vulnerability
> if there is one. The advisory says that " this can cause OpenSSL to
> crash (dependent on ciphersuite) "; is there any indication about
> which cipher suites are affected? So that we know whether we should
> upgrade now or catch the next one, thanks ... N
A malicious client (say) could cause a server to crash if it has been
configured to support at least one AEAD ciphersuite and at least one
non-AEAD ciphersuite.
Matt
More information about the openssl-users
mailing list