> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of
> Matt Caswell
> Sent: Wednesday, February 27, 2019 12:07
>
> On 27/02/2019 16:47, Michael Wojcik wrote:
> >
> > Frankly, this latest vulnerability in OpenSSL 1.0.2 feels pretty minor in
> > that regard, since it depends on two different (if related) behaviors by the
> > application to be vulnerable. The application has to incorrectly attempt a
> > second SSL_shutdown if the first one fails (it should only do the second if
> > the first succeeds),
>
> This is not quite correct. It requires you to incorrectly call SSL_shutdown()
> twice (once to send a close_notify, and once to receive one) having previously
> encountered a fatal error.

Thanks for the correction. Still the general point applies: it depends on the application having rather suspect error handling, and on having visibly different behavior for the two cases in order to provide an oracle. Perhaps that's not uncommon, but I checked some of our products which use OpenSSL, and they didn't have either behavior.

--
Michael Wojcik
Distinguished Engineer, Micro Focus
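As an added illustration, not code from this thread or from OpenSSL, here are the close-down rules Matt Caswell states, written as a small C policy function: no SSL_shutdown() at all once a fatal error has been seen, and a second call only when the first returned 0. The function names, the enum and the simulated peers are this example's own assumptions; it assumes blocking I/O and takes the shutdown routine as a callback so the policy can run without a socket (with OpenSSL the callback would wrap SSL_shutdown()).

```c
#include <stdbool.h>
#include <stdio.h>

/* Outcome of closing a TLS connection (names are this example's own). */
enum close_result {
    CLOSE_SKIPPED_AFTER_FATAL, /* earlier fatal error: send nothing, just free */
    CLOSE_BIDIRECTIONAL,       /* our close_notify sent, the peer's received */
    CLOSE_UNIDIRECTIONAL,      /* ours sent, the peer's never arrived */
    CLOSE_FAILED               /* the first shutdown call reported an error */
};

/* Callback with SSL_shutdown() semantics: 1 = both close_notify exchanged,
 * 0 = ours sent but peer's not yet received, <0 = error. With OpenSSL:
 * static int sd(void *c) { return SSL_shutdown((SSL *)c); }              */
typedef int (*shutdown_fn)(void *conn);

enum close_result tls_close(void *conn, bool fatal_error_seen,
                            shutdown_fn do_shutdown)
{
    /* Rule 1: after a fatal error (SSL_ERROR_SSL / SSL_ERROR_SYSCALL on an
     * earlier read or write) the session is dead: no SSL_shutdown() at all. */
    if (fatal_error_seen)
        return CLOSE_SKIPPED_AFTER_FATAL;

    int rc = do_shutdown(conn);      /* sends our close_notify */
    if (rc == 1)
        return CLOSE_BIDIRECTIONAL;
    if (rc < 0)
        return CLOSE_FAILED;         /* Rule 2: an error is final, no retry */

    /* Rule 3: only a 0 from the first call justifies a second call, which
     * waits for the peer's close_notify (blocking I/O assumed). */
    rc = do_shutdown(conn);
    return rc == 1 ? CLOSE_BIDIRECTIONAL : CLOSE_UNIDIRECTIONAL;
}

/* Simulated peers so the policy can be exercised without a socket;
 * sim_calls counts how often the simulated SSL_shutdown() ran. */
static int sim_calls;
static int sim_reset(void) { sim_calls = 0; return 0; }
static int sim_peer_answers(void *c) { (void)c; return sim_calls++ == 0 ? 0 : 1; }
static int sim_peer_errors(void *c) { (void)c; sim_calls++; return -1; }

int main(void)
{
    sim_reset();
    enum close_result r = tls_close(NULL, false, sim_peer_answers);
    printf("clean close: result %d after %d shutdown call(s)\n", r, sim_calls);
    return 0;
}
```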