[lug] apache config, TLSv1 versus SSLv2?
Ed Moxley
ed at moxleynet.com
Sun Sep 4 14:50:54 MDT 2005
On Sun, 2005-09-04 at 14:27, David L. Anselmi wrote:
> Lee Woodworth wrote:
> [...]
> > TLS 1 is essentially SSL 3. TLS is a 'standard' while SSL is a
> > netscape specification. SSL 2 has security issues so I wouldn't
> > allow it for the server or for your browser.
>
> Is that a vulnerability in the SSL v2 protocol, or in some
> implementations of it? Do you have any details?
>
> Dave
Vulnerability Note VU#102795
OpenSSL servers contain a buffer overflow during the SSL2 handshake
process
http://www.kb.cert.org/vuls/id/102795
More information about the LUG
mailing list