[Openid-specs-ab] New MITM bug of OpenSSL

Nat Sakimura sakimura at gmail.com
Thu Jun 5 17:28:56 UTC 2014


One of our WG member company, Lepidum, found a serious bug on OpenSSL.
It affects all OpenSSL versions to date except for the newest ones, which
were fixed after CVE was filed.

See
http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
for details.

Since OpenID Connect relies on TLS for its security, I think this is a
relevant information, so I am posting it here besides my Fb and Twitter
timelines.

Cheers,

-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140606/1d1ae889/attachment.html>


More information about the Openid-specs-ab mailing list