OpenSSL CVE-2012-2686 Weak Encryption Vulnerability

description-logoDescription

A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 onAES-NI supporting platforms can be exploited in a DoS attack. If you areunsure if you are using AES-NI see "References" below.Anyone using an AES-NI platform for TLS 1.2 or TLS 1.1 on OpenSSL 1.0.1c isaffected. Platforms which do not support AES-NI or versions of OpenSSL whichdo not implement TLS 1.2 or 1.1 (for example OpenSSL 0.9.8 and 1.0.0) arenot affected.Thanks go to Adam Langley for initially discovering thebug and developing a fix and to Wolfgang EttlingersAffected users should upgrade to OpenSSL 1.0.1d

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2012-2686