CVE-2011-338

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: CVE-2011-338
From: BFinkeldei@xxxxxxxxxxxxxxx
Date: Tue, 15 May 2012 14:04:50 -0500
Reply-to: users@xxxxxxxxxxxxxxxx

I am trying to verify if the openssl env I am working in 0.9.8u is affected or not. I don't beleive it is because it seems this is NOT a default option that is enabled.

Line from the CVE-2011-338
OpenSSL uses empty fragments as a countermeasure unless the 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option is specified when OpenSSL is initialized.

My question is where do you add these 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' initialization options?

Brad

Prev by Date: Re: Response code 408
Next by Date: I need a notification with all timeouts
Previous by thread: rpmbuild fails with "nss native error -8128: (SEC_ERROR_NO_MODULE)"
Next by thread: I need a notification with all timeouts
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]