[openssl-users] CVE-2014- and OpenSSL?
Salz, Rich
rsalz at akamai.com
Tue Dec 9 15:49:11 EST 2014
Ask Symantec why they labeled it as an openssl CVE; it is not. Read AGL’s blog post[1]. Two specific implementations are identified and a different crypto library (NSS) is implicated.
This is about as formal a statement as you’re going to get. ☺
[1] https://www.imperialviolet.org/2014/12/08/poodleagain.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141209/34507d98/attachment-0001.html>
More information about the openssl-users
mailing list