oss-sec mailing list archives
Re: Being vulnerable to POODLE
From: Florian Weimer <fweimer () redhat com>
Date: Mon, 28 Dec 2015 15:32:40 +0100
On 12/26/2015 08:28 AM, Sevan Janiyan wrote:
It turns out that CoovaChilli[1] is vulnerable to POODLE & I'd like to
[1] http://coova.github.io/CoovaChilli/
How so? With some OpenSSL versions, it disables the 0/n split to mitigate a *different* CBC vulnerability in TLS 1.0, and the client code explicitly prevents OpenSSL from using TLS 1.1 and later. Florian
Current thread:
- Being vulnerable to POODLE Sevan Janiyan (Dec 26)
- Re: Being vulnerable to POODLE gremlin (Dec 26)
- Re: Being vulnerable to POODLE Gsunde Orangen (Dec 26)
- Re: Being vulnerable to POODLE Sevan Janiyan (Dec 26)
- Re: Being vulnerable to POODLE Gsunde Orangen (Dec 26)
- Re: Being vulnerable to POODLE Florian Weimer (Dec 28)
- Re: Being vulnerable to POODLE Sevan Janiyan (Dec 28)
- Re: Being vulnerable to POODLE Florian Weimer (Dec 28)
- Re: Being vulnerable to POODLE Sevan Janiyan (Dec 29)
- Re: Being vulnerable to POODLE Sevan Janiyan (Dec 28)
- Re: Being vulnerable to POODLE gremlin (Dec 26)