[openssl-users] POODLE attack on TLS1.2

Richard Könning Richard.Koenning at ts.fujitsu.com
Mon Feb 27 12:16:28 UTC 2017

On 27.02.2017 13:03, Akshar Kanak wrote:
> Dear Team
>        In https://en.wikipedia.org/wiki/POODLE , It is mentioned that 
> POODLE attack is possible aganist *TLS *also . has this issue been 
> alredy addressed in openssl .
> Thanks and regards
> Akshar

As the corresponding section in the Wikipedia article says that is not a 
flaw in the TLS protocol but a flaw in it's implementations, more 
exactly in the implementation of CBC encryption mode. For being on the 
safe side take cipher suites not using CBC mode.
Best regards,

More information about the openssl-users mailing list