On 16/02/17 19:54, Nounou Dadoun wrote:
> Sorry I haven't been following the discussion on this vulnerability
> if there is one. The advisory says that "this can cause OpenSSL to
> crash (dependent on ciphersuite)"; is there any indication about
> which cipher suites are affected?  So that we know whether we should
> upgrade now or catch the next one, thanks  ... N

A malicious client (say) could cause a server to crash if it has been
configured to support at least one AEAD ciphersuite and at least one
non-AEAD ciphersuite.

Matt
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
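
The condition in Matt's reply (at least one AEAD and at least one non-AEAD ciphersuite enabled) can be checked against a server's own cipher list. The following is an added example, not part of the thread and not OpenSSL project code: it parses `openssl ciphers -v` output and splits the suites by the `Mac=` column. The sample listings are constructed and the function names are illustrative; it checks only the ciphersuite condition, not the OpenSSL version in use.

```python
# Added example: classify `openssl ciphers -v` output by its Mac= column.
import re

# Constructed samples of `openssl ciphers -v` output (not from the thread).
SAMPLE_MIXED = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
"""
SAMPLE_AEAD_ONLY = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
"""

MAC_FIELD = re.compile(r"\bMac=(\S+)")


def split_suites(ciphers_v_output):
    """Return (aead, non_aead) suite-name lists from `openssl ciphers -v` text."""
    aead, non_aead = [], []
    for line in ciphers_v_output.splitlines():
        fields = line.split()
        mac = MAC_FIELD.search(line)
        if not fields or mac is None:
            continue  # blank line or not a suite row
        # OpenSSL prints Mac=AEAD for AEAD suites, a hash name otherwise.
        (aead if mac.group(1) == "AEAD" else non_aead).append(fields[0])
    return aead, non_aead


def meets_condition(ciphers_v_output):
    """True when the list has at least one AEAD and one non-AEAD suite."""
    aead, non_aead = split_suites(ciphers_v_output)
    return bool(aead) and bool(non_aead)


if __name__ == "__main__":
    import sys
    # Read a real listing from a pipe, or fall back to the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_MIXED
    aead, non_aead = split_suites(text)
    print("AEAD:    ", ", ".join(aead) or "-")
    print("non-AEAD:", ", ".join(non_aead) or "-")
    print("condition met:", bool(aead) and bool(non_aead))
```

To check a real configuration, pipe the listing for the server's configured cipher string into the script, for example `openssl ciphers -v 'STRING' | python3 check.py` (the file name is a placeholder).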