Stitched vs non-Stitched Ciphersuites

Michael Wojcik Michael.Wojcik at
Wed Feb 27 18:10:02 UTC 2019

> From: openssl-users [mailto:openssl-users-bounces at] On Behalf Of
> Matt Caswell
> Sent: Wednesday, February 27, 2019 12:07
> On 27/02/2019 16:47, Michael Wojcik wrote:
> >
> > Frankly, this latest vulnerability in OpenSSL 1.0.2 feels pretty minor in
> > that regard, since it depends on two different (if related) behaviors by the
> > application to be vulnerable. The application has to incorrectly attempt a
> > second SSL_shutdown if the first one fails (it should only do the second if
> > the first succeeds),
> This is not quite correct. It requires you to incorrectly call SSL_shutdown()
> twice (once to send a close_notify, and once to receive one) having previously
> encountered a fatal error.

Thanks for the correction. Still the general point applies: it depends on the application having rather suspect error handling, and on having visibly different behavior for the two cases in order to provide an oracle.

Perhaps that's not uncommon, but I checked some of our products which use OpenSSL, and they didn't have either behavior.

Michael Wojcik
Distinguished Engineer, Micro Focus

More information about the openssl-users mailing list