You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by BF...@aaamissouri.com on 2012/05/15 21:04:50 UTC
[users@httpd] CVE-2011-338
I am trying to verify if the openssl env I am working in 0.9.8u is
affected or not. I don't beleive it is because it seems this is NOT a
default option that is enabled.
Line from the CVE-2011-338
OpenSSL uses empty fragments as a countermeasure unless the
'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option is specified when OpenSSL is
initialized.
My question is where do you add these 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS'
initialization options?
Brad