[openssl-users] CVE-2014- and OpenSSL?

Salz, Rich rsalz at akamai.com
Tue Dec 9 15:49:11 EST 2014


Ask Symantec why they labeled it as an openssl CVE; it is not.  Read AGL’s blog post[1].  Two specific implementations are identified and a different crypto library (NSS) is implicated.

This is about as formal a statement as you’re going to get. ☺

[1] https://www.imperialviolet.org/2014/12/08/poodleagain.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141209/34507d98/attachment-0001.html>


More information about the openssl-users mailing list