Does OpenSSL 1.0.1h also suffer from POODLE attack like SSL 3.0 suffers?

Question

SSL 3.0 library suffers from POODLE attack.

OpenSSL's latest version is 1.0.1h as of now.

Does OpenSSL also suffer from the same attack ?

I couldn't find any related info either on google or OpenSSL forum.

I use a openvpn android client which uses OpenSSL 1.0.1 h that is why I am worried.

Any help is appreciated.

Thanks in advance !

score 4 · Accepted Answer · answered Oct 15 '14 at 16:45

4

Yes OpenSSL 1.0.1h suffers from the POODLE attack.

But you don't have to worry as OpenVPN has always been strictly TLS 1.0 or TLS 1.0+ and since OpenVPN 2.x never supported SSLv3 or SSLv3 fallback as well.

Here is a link for your reference

Hope this helps

answered Oct 15 '14 at 16:45

Durai Amuthan.H

31,670
10
160
241

FYI: http://duraiamuthan.blogspot.in/2015/02/how-to-protect-yourself-agains-poodle.html – Durai Amuthan.H Feb 21 '15 at 17:30

Does OpenSSL 1.0.1h also suffer from POODLE attack like SSL 3.0 suffers?

1 Answers1