POODLE attack on TLS1.2

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

POODLE attack on TLS1.2

Akshar Kanak
Dear Team
       In https://en.wikipedia.org/wiki/POODLE , It is mentioned that POODLE attack is possible aganist TLS also . has this issue been alredy addressed in openssl .

Thanks and regards
Akshar


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: POODLE attack on TLS1.2

Matt Caswell-2


On 27/02/17 12:03, Akshar Kanak wrote:
> Dear Team
>        In https://en.wikipedia.org/wiki/POODLE , It is mentioned that
> POODLE attack is possible aganist *TLS *also . has this issue been
> alredy addressed in openssl .

This was never an issue in OpenSSL - so there is nothing to address.
This issue only affected certain implementations that did not correctly
handle TLS padding (notably F5 and A10 devices). See:

https://www.imperialviolet.org/2014/12/08/poodleagain.html

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: POODLE attack on TLS1.2

Richard Könning
In reply to this post by Akshar Kanak
On 27.02.2017 13:03, Akshar Kanak wrote:
> Dear Team
>        In https://en.wikipedia.org/wiki/POODLE , It is mentioned that
> POODLE attack is possible aganist *TLS *also . has this issue been
> alredy addressed in openssl .
>
> Thanks and regards
> Akshar

As the corresponding section in the Wikipedia article says that is not a
flaw in the TLS protocol but a flaw in it's implementations, more
exactly in the implementation of CBC encryption mode. For being on the
safe side take cipher suites not using CBC mode.
Best regards,
Richard
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...