On 19/08/2015 16:37, Salz, Rich wrote: > Try this as a starting point: https://security.ias.edu/poodle-and-beast-isnt-love-story-sslv3-cipher-vulnerability > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users That's just some guy pontificating before the SCSV countermeasure was available. Absolutely no technical arguments. The list of "sources" is equally random and non-detailed as to why there is nothing salvageable. For instance, one is a link where Bodo Moeller explains why something like the _EMPTY_FRAGMENTS countermeasure is needed for the IV issue. I know a lot of people said the sky was falling, I am trying to remember why. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
