Ask Symantec why they labeled it as an openssl CVE; it is not. Read AGL’s blog post[1]. Two specific implementations are identified and a different crypto library (NSS) is implicated.
This is about as formal a statement as you’re going to get. ☺ [1] https://www.imperialviolet.org/2014/12/08/poodleagain.html
_______________________________________________ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
