openssl CCS Injection Vulnerability 已存在 16 年之久

2014-06-06 10:42:56 +08:00
 p2p
OpenSSL’s ChangeCipherSpec processing has a serious vulnerability. This vulnerability allows malicious intermediate nodes to intercept encrypted data and decrypt them while forcing SSL clients to use weak keys which are exposed to the malicious nodes.



A. Affected Versions:

OpenSSL 1.0.1 through 1.0.1g
OpenSSL 1.0.0 through 1.0.0l
all versions before OpenSSL 0.9.8y


B. Not Affected Versions:

OpenSSL 1.0.1h
OpenSSL 1.0.0m
OpenSSL 0.9.8za

http://ccsinjection.lepidum.co.jp/
3305 次点击
所在节点    程序员
2 条回复
windyboy
2014-06-06 13:09:06 +08:00
看来还要改
io565
2014-06-06 13:20:20 +08:00
openssl干脆推翻重建吧 再来几个漏洞google岂不是都要放弃治疗了

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/116058

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX