OpenSSL no-ssl3 build option Security Bypass Vulnerability (CVE-2014-3568)
Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL <1.0.1j
Description:
Bugtraq id: 70585
CVE (CAN) ID: CVE-2014-3568
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
The no-ssl3 build option is incomplete in OpenSSL versions earlier than 1.0.1j. When OpenSSL is built with no-ssl3, a server still accepts and completes an SSL 3.0 handshake, and a client can still be configured to send one.
<* Source: Akamai Technologies
Link: https://www.openssl.org/news/secadv_20141015.txt
*>
Suggestion:
Vendor patch:
OpenSSL Project
---------------
The OpenSSL Project has released a security advisory (secadv_20141015) and the corresponding patch:
secadv_20141015: OpenSSL Security Advisory [15 Oct 2014]
Link: https://www.openssl.org/news/secadv_20141015.txt
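To confirm that a patched or rebuilt server really refuses SSL 3.0, the check below sends an SSL 3.0 ClientHello and classifies the first record that comes back. It is an added example, not code from the OpenSSL advisory; the function names and verdict strings are assumptions made for illustration.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # SSL 3.0 protocol version on the wire

def build_ssl3_client_hello():
    """Return one SSL 3.0 record holding a minimal ClientHello."""
    suites = b"\x00\x2f\x00\x35\x00\x0a\x00\x05"  # AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA
    body = (SSL3 + os.urandom(32)                  # client_version, random
            + b"\x00"                              # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                         # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def read_record(sock):
    """Read one whole record; a short result means the peer closed early."""
    buf, want = b"", 5
    while len(buf) < want:
        chunk = sock.recv(want - len(buf))
        if not chunk:
            break
        buf += chunk
        if len(buf) == 5:                          # header complete: add payload length
            want = 5 + struct.unpack("!H", buf[3:5])[0]
    return buf

def classify_reply(record):
    """Map the server's first record to a verdict."""
    if not record or record[0] == 0x15:            # closed, or alert record
        return "refused"
    if record[0] == 0x16 and len(record) >= 11 and record[5] == 0x02:
        # ServerHello: bytes 9-10 carry server_version
        return "ssl3-accepted" if record[9:11] == SSL3 else "other-version"
    return "unknown"

def probe(host, port=443, timeout=5.0):
    """Probe a server you operate; connection errors propagate to the caller."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_ssl3_client_hello())
        try:
            return classify_reply(read_record(s))
        except ConnectionResetError:
            return "refused"
```

A verdict of "ssl3-accepted" from `probe()` against a server built with no-ssl3 indicates the build is still affected.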