[openssl-users] CVE-2014- and OpenSSL?
Amarendra Godbole
amarendra.godbole at gmail.com
Tue Dec 9 14:07:01 EST 2014
So Adam Langley writes "SSLv3 decoding function was used with TLS,
then the POODLE attack would work, even against TLS connections." on
his the latest POODLE affecting TLS 1.x.
(https://www.imperialviolet.org/).
I also received a notification from Symantec's DeepSight, that states:
"OpenSSL CVE-2014-8730 Man In The Middle Information Disclosure
Vulnerability".
However, I could not find more information on OpenSSL's web-site about
POODLE-biting-again. Did I miss any notification? Thanks.
-Amarendra
More information about the openssl-users
mailing list