Re: [openssl-users] CVE-2011-1473 fixed version

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jeffrey Walton > Sent: Thursday, December 11, 2014 16:26 > To: OpenSSL Users List > Subject: Re: [openssl-users] CVE-2011-1473 fixed version > > > I wasn't involved at the time, but readi

Re: [openssl-users] CVE-2011-1473 fixed version

> I wasn't involved at the time, but reading about it now CVE-2011-1473 > essentially says (as I understand it) that if you fire lots of SSL > handshakes at a server it could cause a DoS because it is much cheaper on > the client side than it is on the server side. That's pretty disingenuous. You c

Re: [openssl-users] CVE-2011-1473 fixed version

On 11/12/14 11:35, Gayathri Manoj wrote: > Hi Jeffrey, > > In this its not mentioned. > > Thanks, > Gayathri > > On Thu, Dec 11, 2014 at 4:46 PM, Jeffrey Walton > wrote: > > On Thu, Dec 11, 2014 at 6:07 AM, Gayathri Manoj > mailto:gayathri.an...@gmail.com>> wrot

Re: [openssl-users] CVE-2011-1473 fixed version

On Thu, Dec 11, 2014 at 6:35 AM, Gayathri Manoj wrote: > Hi Jeffrey, > > In this its not mentioned. > Then its not applicable or has not been fixed. > On Thu, Dec 11, 2014 at 4:46 PM, Jeffrey Walton wrote: >> >> On Thu, Dec 11, 2014 at 6:07 AM, Gayathri Manoj >> wrote: >> > Hi All, >> > >> > Pl

Re: [openssl-users] CVE-2011-1473 fixed version

Hi Jeffrey, In this its not mentioned. Thanks, Gayathri On Thu, Dec 11, 2014 at 4:46 PM, Jeffrey Walton wrote: > On Thu, Dec 11, 2014 at 6:07 AM, Gayathri Manoj > wrote: > > Hi All, > > > > Please let me know in which version CVE-2011-1473 got fixed. > > Is openssl-1.x is vulnerable to this i

Re: [openssl-users] CVE-2011-1473 fixed version

On Thu, Dec 11, 2014 at 6:07 AM, Gayathri Manoj wrote: > Hi All, > > Please let me know in which version CVE-2011-1473 got fixed. > Is openssl-1.x is vulnerable to this issue? > https://www.openssl.org/news/vulnerabilities.html ___ openssl-users mailing