CVE-2011-338

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




I am trying to verify if the openssl env I am working in 0.9.8u is affected or not.  I don't beleive it is because it seems this is NOT a default option that is enabled.

Line from the CVE-2011-338
OpenSSL uses empty fragments as a countermeasure unless the 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option is specified when OpenSSL is initialized.

My question is where do you add these 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS'  initialization options?

Brad
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux