Hi, >> OpenSSL does not have this defect.
Does this mean that openssl is not vulnerable to this issue even if TLS 1.0/TLS 1.1 are enabled? Are all versions of openssl (0.9.8* and 1.0.1*) free from impact? Thanks, RMitra -----Original Message----- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich Sent: Wednesday, December 10, 2014 12:56 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] CVE-2014- and OpenSSL? > I also received a notification from Symantec's DeepSight, that states: > "OpenSSL CVE-2014-8730 Man In The Middle Information Disclosure > Vulnerability". Did Symantic really label it an OpenSSL CVE? That's wrong. OpenSSL does not have this defect. /r$ _______________________________________________ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users _______________________________________________ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
