[openssl-users] POODLE attack on TLS1.2

Matt Caswell matt at openssl.org
Mon Feb 27 12:14:48 UTC 2017



On 27/02/17 12:03, Akshar Kanak wrote:
> Dear Team
>        In https://en.wikipedia.org/wiki/POODLE , It is mentioned that
> POODLE attack is possible aganist *TLS *also . has this issue been
> alredy addressed in openssl .

This was never an issue in OpenSSL - so there is nothing to address.
This issue only affected certain implementations that did not correctly
handle TLS padding (notably F5 and A10 devices). See:

https://www.imperialviolet.org/2014/12/08/poodleagain.html

Matt


More information about the openssl-users mailing list