OpenSSL CVE-2014-3568 Weak Encryption Vulnerability

description-logoDescription

Severity: LowWhen OpenSSL is configured with "no-ssl3" as a build option, serverscould accept and complete a SSL 3.0 handshake, and clients could beconfigured to send them.OpenSSL 1.0.1 users should upgrade to 1.0.1j.OpenSSL 1.0.0 users should upgrade to 1.0.0o.OpenSSL 0.9.8 users should upgrade to 0.9.8zc. This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.The fix was developed by Akamai and the OpenSSL team.ReferencesURL for this Security Advisory:https://www.openssl.org/news/secadv_20141015.txtNote: the online version of the advisory may be updated with additionaldetails over time.For details of OpenSSL severity classifications please see:https://www.openssl.org/about/secpolicy.html

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2014-3568