[openssl-users] [openssl-security] Openssl Vulnerability detected

Viktor Dukhovni openssl-users at dukhovni.org
Fri Dec 22 16:17:36 UTC 2017

> On Dec 22, 2017, at 7:03 AM, Salz, Rich <rsalz at akamai.com> wrote:
> Having said that, the answer is upgrade to a supported version, ideally 1.1.0

A better answer is typically to deploy the latest patched version from the
platform vendor.  And to not enable SSLv2 or SSLv3.  Most applications 
support configurable cipher strings.  If one wants to disable DES and 3DES
just set the cipherstring to:


plus any other desired exclusions.


More information about the openssl-users mailing list