[openssl-users] POODLE attack on TLS1.2
Richard Könning
Richard.Koenning at ts.fujitsu.com
Mon Feb 27 12:16:28 UTC 2017
On 27.02.2017 13:03, Akshar Kanak wrote:
> Dear Team
> In https://en.wikipedia.org/wiki/POODLE , It is mentioned that
> POODLE attack is possible aganist *TLS *also . has this issue been
> alredy addressed in openssl .
>
> Thanks and regards
> Akshar
As the corresponding section in the Wikipedia article says that is not a
flaw in the TLS protocol but a flaw in it's implementations, more
exactly in the implementation of CBC encryption mode. For being on the
safe side take cipher suites not using CBC mode.
Best regards,
Richard
More information about the openssl-users
mailing list