Hello,
In the "OpenSSL Security Advisory [05 Jun 2014]", regarding "SSL/TLS MITM vulnerability (CVE-2014-0224)", it says:

"Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution."

We are using OpenSSL 1.0.0 as a server. Looking at the diff between 1.0.0m and 1.0.0k, the same patch is applied to s3_srvr.c and s3_pkt.c. I want to confirm whether this is just a precaution, or whether OpenSSL 1.0.0 is vulnerable too.

Thanks.
Zhong
