[Ach] POODLE on TLS < 1.2

Hanno Böck hanno at hboeck.de
Tue Dec 9 13:57:14 CET 2014

On Tue, 9 Dec 2014 13:52:14 +0100
Pepi Zawodsky <pepi.zawodsky at maclemon.at> wrote:

> Ok, so not TLS 1.1 or 1.2 protocol specification in particular but
> “only” implementations that do not follow said specification. As I
> expected. Thanks for confirming.

The wording of TLS 1.2 says the padding MUST be checked. No such note
in TLS 1.0 or 1.1.

So it could be said this affects valid TLS 1.0/1.1 implementations.
BTW, contrary to the subject of this thread it also affects TLS 1.2 for
F5 load balancers, but that's clearly a bug.

Hanno Böck

mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20141209/156f7152/attachment.sig>

More information about the Ach mailing list