Comment 211 Re: Not a Big One

Story

OpenSSL CCS Injection Vulnerability

Preview

Not a Big One (Score: 0)

by Anonymous Coward on 2014-06-06 01:32 (#20Z)

If I understand correctly, this only applies to OpenSSL client to OpenSSL server communication, NOT browser to OpenSSL server (?).

So while huge for those who relied on it this way, the pool of vulnerability is smaller than Heartbleed.

Re: Not a Big One (Score: 1)

by tempest@pipedot.org on 2014-06-06 12:43 (#211)

Since the major browsers use something other than SSL it's not a big deal as far as browser security no. Some utilities (can) use Openssl like wget, and anything secured using stunnel is vulnerable. My only worry is patching my mail servers, some of which talk to each other using TLS only and assume the connection is secure.

Junk Status

Not marked as junk