[openssl-users] CVE-2014- and OpenSSL?
Mitra, Rituparna (STSD)
rituparna.mitra at hp.com
Tue Dec 9 14:46:43 EST 2014
Hi,
>> OpenSSL does not have this defect.
Does this mean that openssl is not vulnerable to this issue even if TLS 1.0/TLS 1.1 are enabled?
Are all versions of openssl (0.9.8* and 1.0.1*) free from impact?
Thanks,
RMitra
-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Salz, Rich
Sent: Wednesday, December 10, 2014 12:56 AM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] CVE-2014- and OpenSSL?
> I also received a notification from Symantec's DeepSight, that states:
> "OpenSSL CVE-2014-8730 Man In The Middle Information Disclosure
> Vulnerability".
Did Symantic really label it an OpenSSL CVE? That's wrong.
OpenSSL does not have this defect.
/r$
_______________________________________________
openssl-users mailing list
openssl-users at openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
More information about the openssl-users
mailing list