I do not have deeper knowledge about protocols but I think as follows: DTLS
means TLS for datagram packets so it means http does not use DTLS, right? On
the other hand, TLS is affected in OpenSSL 1.0.1 and later which means
0.9.8-related version is not affected, right?
Thus, can I imply that
Hi,
I am questioning if Apache 2.2.22 with OpenSSL 0.9.8t is affected
by CVE-2012-2333 (OpenSSL Invalid TLS/DTLS Record Denial of Service
Vulnerability)?
You may find the details of the vulnerability
here: http://www.openssl.org/news/secadv_20120510.txt
Here, it says that DTLS applications