Hi Rich, do we have some formal announcement that openssl is not vulnerable for POODLE in TLS? or can you explain why Openssl is not affected? if symantec is issuing notification like that, i guess, a lot of management will demand explanations. Thanks, Thanks, Arthur On Tue, Dec 9, 2014 at 11:26 AM, Salz, Rich <rsalz at akamai.com> wrote: > > I also received a notification from Symantec's DeepSight, that states: > > "OpenSSL CVE-2014-8730 Man In The Middle Information Disclosure > > Vulnerability". > > Did Symantic really label it an OpenSSL CVE? That's wrong. > > OpenSSL does not have this defect. > > /r$ > > _______________________________________________ > openssl-users mailing list > openssl-users at openssl.org > https://mta.opensslfoundation.net/mailman/listinfo/openssl-users > > -- Thanks, Arthur -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141209/32d34f54/attachment.html>
