Thanks Florian, Jakob, Matt and everyone else. You guys are fascinating.
Its a rocking community. Thanks again for your excellent support and taking
pain to answer my repeated questions.
On Mon, Oct 27, 2014 at 1:04 AM, Florian Weimer wrote:
> * Aditya Kumar:
>
> > Suppose, t
er
>>> that the second handshake with SSLv3 is a fallback of a previous
>>> handshake announcing the availability of TLSv1 or better.
>>>
>>> Second question: When the client starts due to a MITM attack a
>>> second handshake
flag set.
Hope this will clear all the confusions.
-Aditya
On Fri, Oct 24, 2014 at 5:35 PM, Jakob Bohm wrote:
> On 24/10/2014 13:33, Aditya Kumar wrote:
>
>> Hi All,
>>
>> Thanks for your detailed responses, specially Florian Weimer and Matt
>> Caswell. For the be
Hi All,
Thanks for your detailed responses, specially Florian Weimer and Matt
Caswell. For the benefit of everyone and me, I am summarizing the thoughts
which I have understood through all your replies. Please correct
me wherever I am wrong.
To summarize:
1. Best way to prevent POODLE atta
Hi All,
I have a question regarding SSL_MODE_SEND_FALLBACK_SCSV introduced in
OpenSSL 0.9.8zc as part of a preventive measure for SSL 3.0 POODLE
vulnerability.
I have client and server applications using OpenSSL for SSL/TLS
communication. My question is that what will happen if I update my clien
Hi All,
We are using OpenSSL version 0.9.8h. We take the security vulnerability
fixes from latest release of OpenSSL 0.9.8 series and patch our internally
used 0.9.8h.
>From the OpenSSL release 0.9.8za, we took CVE-2014-0224 and merged it our
OpenSSL code. But in latest release 0.9.8za, I see tha
