During a renegotiation handshake if the Encrypt-Then-Mac extension is
negotiated where it was not in the original handshake (or vice-versa) then this
can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers
are affected.

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20170216.txt

Impact

None

Affected Products

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html




Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018