[openssl-users] POODLE attack on TLS1.2
Richard.Koenning at ts.fujitsu.com
Mon Feb 27 12:16:28 UTC 2017
On 27.02.2017 13:03, Akshar Kanak wrote:
> Dear Team
> In https://en.wikipedia.org/wiki/POODLE , It is mentioned that
> POODLE attack is possible aganist *TLS *also . has this issue been
> alredy addressed in openssl .
> Thanks and regards
As the corresponding section in the Wikipedia article says that is not a
flaw in the TLS protocol but a flaw in it's implementations, more
exactly in the implementation of CBC encryption mode. For being on the
safe side take cipher suites not using CBC mode.
More information about the openssl-users