During a renegotiation handshake if the Encrypt-Then-Mac extension is
negotiated where it was not in the original handshake (or vice-versa) then this
can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers
are affected.

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20170216.txt

 

Impact

 

None

 

Affected Products

 

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html

 



 

 

 


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: April 16, 2019