[openssl-users] Forthcoming OpenSSL release

Matt Caswell matt at openssl.org
Thu Feb 16 23:11:02 UTC 2017



On 16/02/17 19:54, Nounou Dadoun wrote:
> Sorry I haven't been following the discussion on this vulnerability
> if there is one. The advisory says that " this can cause OpenSSL to
> crash (dependent on ciphersuite) "; is there any indication about
> which cipher suites are affected?  So that we know whether we should
> upgrade now or catch the next one, thanks  ... N

A malicious client (say) could cause a server to crash if it has been
configured to support at least one AEAD ciphersuite and at least one
non-AEAD ciphersuite.

Matt


More information about the openssl-users mailing list