[openssl-users] CVE-2014- and OpenSSL?

Arthur Tsang arthur_tsang at hotmail.com
Tue Dec 9 16:58:54 EST 2014


Thanks for the clarification.

On Tue, Dec 9, 2014 at 1:00 PM, Matt Caswell <matt at openssl.org> wrote:

>
> On 09/12/14 20:30, Arthur Tsang wrote:
> > Hi Rich,
> >
> > Do we have some formal announcement that OpenSSL is not vulnerable to
> > POODLE in TLS?  Or can you explain why OpenSSL is not affected?  If
> > Symantec is issuing notifications like that, I guess a lot of
> > management will demand explanations.  Thanks,
> >
> >
> Adam Langley's post provides a good explanation of this problem:
> https://www.imperialviolet.org/2014/12/08/poodleagain.html
>
> The specification of SSLv3 did not specify the format of padding bytes
> to be used when encrypting data. This led to an oracle attack.
>
> TLS on the other hand *does* specify this, and therefore (if you
> implement it correctly) is not vulnerable to this oracle attack. A TLS
> library needs to check the padding bytes are correctly formatted and
> fail if not. The problem is that it is possible to implement a TLS
> library and still use the SSLv3 decryption routines when working with
> TLS (i.e. don't check the padding bytes). This *will* work, although it
> is not compliant with the spec. If you fail to check the padding bytes
> then your TLS implementation is vulnerable to the same POODLE oracle
> attack.
>
> I can confirm that OpenSSL is compliant with the spec and *does* check
> the padding bytes. It is therefore not vulnerable to this issue.
>
> Matt
>
> _______________________________________________
> openssl-users mailing list
> openssl-users at openssl.org
> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
>
>


-- 
Thanks,
Arthur
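The two padding policies Matt contrasts above, written out as an added example (this is illustrative code, not OpenSSL's record layer and not code from anyone in the thread). Both functions take an already-decrypted CBC record body and return how many leading bytes remain once padding is removed, or -1 when the padding is malformed. The function names and the sample records are constructed for this example; the MAC that a real record would carry before the padding is omitted so the byte layout stays readable.

```c
#include <stddef.h>
#include <stdio.h>

/* SSLv3-style policy: only the final byte (the padding length) is
 * interpreted; the padding bytes themselves are never examined.
 * This is the behaviour the thread describes as unsafe when reused for TLS. */
int sslv3_strip_padding(const unsigned char *plain, size_t len)
{
    size_t pad_len;
    if (len == 0)
        return -1;
    pad_len = plain[len - 1];
    if (pad_len + 1 > len)          /* padding claims more bytes than exist */
        return -1;
    return (int)(len - pad_len - 1);
}

/* TLS policy (RFC 5246 section 6.2.3.2): every padding byte must equal the
 * padding length byte. Any mismatch must be rejected, which removes the
 * oracle that POODLE relies on. */
int tls_strip_padding(const unsigned char *plain, size_t len)
{
    size_t pad_len, i;
    unsigned char bad = 0;
    if (len == 0)
        return -1;
    pad_len = plain[len - 1];
    if (pad_len + 1 > len)
        return -1;
    /* Accumulate mismatches with OR rather than exiting on the first bad byte,
     * so the scan does not stop early. (A production implementation must go
     * further and make the whole check, including the MAC step, run in time
     * independent of pad_len; this example does not attempt that.) */
    for (i = 1; i <= pad_len; i++)
        bad |= plain[len - 1 - i] ^ (unsigned char)pad_len;
    if (bad)
        return -1;
    return (int)(len - pad_len - 1);
}

/* Constructed sample records (decrypted CBC payloads, no MAC):
 * REC_GOOD: 3 content bytes, 4 padding bytes of 0x04, length byte 0x04.
 * REC_BAD:  same length byte, but the padding bytes are garbage.
 * REC_OVER: length byte claims 9 bytes of padding in a 2-byte record. */
static const unsigned char REC_GOOD[] = {0x61, 0x62, 0x63, 0x04, 0x04, 0x04, 0x04, 0x04};
static const unsigned char REC_BAD[]  = {0x61, 0x62, 0x63, 0x99, 0x77, 0x55, 0x33, 0x04};
static const unsigned char REC_OVER[] = {0x01, 0x09};

int main(void)
{
    printf("REC_GOOD: sslv3=%d tls=%d\n",
           sslv3_strip_padding(REC_GOOD, sizeof REC_GOOD),
           tls_strip_padding(REC_GOOD, sizeof REC_GOOD));
    printf("REC_BAD:  sslv3=%d tls=%d\n",
           sslv3_strip_padding(REC_BAD, sizeof REC_BAD),
           tls_strip_padding(REC_BAD, sizeof REC_BAD));
    printf("REC_OVER: sslv3=%d tls=%d\n",
           sslv3_strip_padding(REC_OVER, sizeof REC_OVER),
           tls_strip_padding(REC_OVER, sizeof REC_OVER));
    return 0;
}
```

The point of the contrast is REC_BAD: the SSLv3-style routine accepts it and returns 3 content bytes, while the TLS routine rejects it. A library that checks the padding bytes gives the attacker no way to learn whether a tampered block decrypted to well-formed padding. Note that correctness of the check is necessary but not sufficient; the timing of the padding and MAC processing also has to be independent of the padding value, which is the separate class of problem Lucky 13 exposed.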