PureTLS <http://www.rtfm.com/puretls is a pure Java implementation of SSLv3/TLS. PureTLS 0.9b2 was released Mar 1, 2002. Internal audits prior to the release of PureTLS 0.9b2 discovered a potential attack under certain conditions. This vulnerability was present in all prior versions. Details of this vulnerability have not been disclosed and are being withheld now to allow users time to upgrade. As far as we know, this attack has not been exploited in the wild and is not publicly known. All users of older versions are strongly urged to upgrade immediately. The new version can be downloaded from. http://www.rtfm.com/puretls -Ekr -- [Eric Rescorla ekr@rtfm.com] http://www.rtfm.com/
