Hi, >> OpenSSL does not have this defect. Does this mean that openssl is not vulnerable to this issue even if TLS 1.0/TLS 1.1 are enabled? Are all versions of openssl (0.9.8* and 1.0.1*) free from impact? Thanks, RMitra -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Salz, Rich Sent: Wednesday, December 10, 2014 12:56 AM To: openssl-users at openssl.org Subject: Re: CVE-2014- and OpenSSL? > I also received a notification from Symantec's DeepSight, that states: > "OpenSSL CVE-2014-8730 Man In The Middle Information Disclosure > Vulnerability". Did Symantic really label it an OpenSSL CVE? That's wrong. OpenSSL does not have this defect. /r$ _______________________________________________ openssl-users mailing list openssl-users at openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
