OpenSSL no-ssl3 build option Security Bypass Vulnerability (CVE-2014-3568)

OpenSSL no-ssl3 build option Security Bypass Vulnerability (CVE-2014-3568)

Release date:
Updated on:

Affected Systems:
OpenSSL Project OpenSSL <1.0.1j
Description:
Bugtraq id: 70585
CVE (CAN) ID: CVE-2014-3568

OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.

The no-ssl3 build options for versions earlier than OpenSSL 1.0.1j are incomplete. After the no-ssl3 is configured as the build option, the server still accepts and completes the SSL 3.0 handshake, and the client can also be configured to send.

<* Source: Akamai Technologies

Link: https://www.openssl.org/news/secadv_20141015.txt
*>

Suggestion:
Vendor patch:

OpenSSL Project
---------------
The OpenSSL Project has released a Security Bulletin (secadv_20151115) and the corresponding patch:
Secadv_20151115: OpenSSL Security Advisory [15 Oct 2014]
Link: https://www.openssl.org/news/secadv_20141015.txt

OpenSSL TLS heartbeat read remote information leakage (CVE-2014-0160)

Severe OpenSSL bug allows attackers to read 64 KB of memory, fixed in half an hour in Debian

OpenSSL "heartbleed" Security Vulnerability

Provides FTP + SSL/TLS authentication through OpenSSL and implements secure data transmission.

OpenSSL details: click here
OpenSSL: click here

This article permanently updates the link address: