> Note that the CVE identifier was assigned to the SSL 3.0 protocol issue
> related to CBC padding. The new SCSV does not help with that at all.
What? It prevents silently falling back to the broken protocol.
Perhaps we can keep this battle-thread just in the TLS WG mail?
/r$
--
Principal Security Engineer, Akamai Technologies
IM: [email protected] Twitter: RichSalz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
