CVE-2014-0224 looks like an interesting issue
(https://www.openssl.org/news/secadv_20140605.txt):
An attacker using a carefully crafted handshake
can force the use of weak keying material in
OpenSSL SSL/TLS clients and servers. This can
be exploited by a Man-in-the-middle (MITM)
attack where the attacker can decrypt and
modify traffic from the attacked client and server.
Can anyone explain the vulnerability?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]