Heartbleed vulnerability patch causes SSL link bug

"The OpenSUSE community received a report about the bug that the IronPort SMTP server encountered an exception block due to the recent modification to the padding extension code due to the OpenSSL heartbleed vulnerability. OpenSSL 1.0.1g not only fixes the heartbleed vulnerability, but also adds some modifications to the padding extension:

# Define TLSEXT_TYPE_padding 21

This directly causes an SSL Link error (at least on the Ironports device ):

SSL23_GET_SERVER_HELLO: tlsv1 alert decode error

The Padding extension is only used when the ClientHello length is between 256-bytes. Theoretically, reducing the length of ciphersuite to bytes can be one of the temporary solutions, or forcing SSLv3, or remove the above changes and re-compile OpenSSL. Currently, no solutions are provided in the OpenSSL community. "

 

OpenSSL TLS heartbeat read remote information leakage (CVE-2014-0160)

Severe OpenSSL bug allows attackers to read 64 KB of memory, fixed in half an hour in Debian

OpenSSL "heartbleed" Security Vulnerability

Provides FTP + SSL/TLS authentication through OpenSSL and implements secure data transmission.

OpenSSL Heartbleed vulnerability upgrade method

For more information about Heartbleed, click here.
Heartbleed: click here

This article permanently updates the link address: