As per this paper, OpenSSL was also vulnerable but OpenSSL fixed them
independently of the authors' disclosure.
A. OpenSSL TLS Implementation
However, OpenSSL’s code does contain two side channel vulnerabilities.
One vulnerability has been described in Section IV-A and the other is
presented here. We note that OpenSSL replaced the vulnerable code in
both locations with constant-time implementations independently of our
The paper does not list the CVE for the openssl vulnerability.
Is there a CVE for this? What are the affected versions and in which
version they were fixed?