OpenSSL CVE-2014-3568 Weak Encryption Vulnerability
Description
Severity: LowWhen OpenSSL is configured with "no-ssl3" as a build option, serverscould accept and complete a SSL 3.0 handshake, and clients could beconfigured to send them.OpenSSL 1.0.1 users should upgrade to 1.0.1j.OpenSSL 1.0.0 users should upgrade to 1.0.0o.OpenSSL 0.9.8 users should upgrade to 0.9.8zc. This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.The fix was developed by Akamai and the OpenSSL team.ReferencesURL for this Security Advisory:https://www.openssl.org/news/secadv_20141015.txtNote: the online version of the advisory may be updated with additionaldetails over time.For details of OpenSSL severity classifications please see:https://www.openssl.org/about/secpolicy.html
Affected Applications
OpenSSL