Shravan
Reputation: 540
Does OpenSSL 1.0.1h also suffer from POODLE attack like SSL 3.0 suffers?
SSL 3.0 library suffers from POODLE attack.
OpenSSL's latest version is 1.0.1h as of now.
Does OpenSSL also suffer from the same attack ?
I couldn't find any related info either on google or OpenSSL forum.
I use a openvpn android client which uses OpenSSL 1.0.1 h that is why I am worried.
Any help is appreciated.
Thanks in advance !
Upvotes: 2
Views: 182
Answers (1)
Durai Amuthan.H
Reputation: 32280
Yes OpenSSL 1.0.1h suffers from the POODLE attack.
But you don't have to worry as OpenVPN has always been strictly TLS 1.0 or TLS 1.0+ and since OpenVPN 2.x never supported SSLv3 or SSLv3 fallback as well.
Here is a link for your reference
Hope this helps
Upvotes: 4
Related Questions
- How to disable SSLv3 in android for HttpsUrlConnection?
- Why does POODLE Attack only affect after downgrading to SSL 3.0?
- Do openssl-1.0.1g has android platform support?
- Will SSLContext.getInstance("TLS") supports TLS v1.1 and TLS v1.2 also?
- How to enable SSL 3 in Java
- SSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number error when disabling ssl and enabling TLS
- Poodle vulnerability need to change SSL 3.0 to TLS
- POODLE SSLv3 Vulnerability still testing failed
- Oracle HTTP Server (OHS) Apache 2.2.13 Poodle SSLv3 Fix?
- Android Poodlebleed TLS Support