0

I want to build a special version of OpenSSL that doesn't check AES CBC padding properly. I am looking into source of OpenSSL 1.0.2g. Which files in the source directory, I should look for?

I am trying to setup POODLE TLS vulnerable server, using Apache/Nginx compiled against a special version of OpenSSL that doesn't check padding properly.

jww
  • 97,681
  • 90
  • 411
  • 885
bhushan5640
  • 181
  • 9
  • Why don't you use a version of OpenSSL vulnerable to POODLE? Or, diff 1.0.2g against the vulnerable version you select? You can find past versions of OpenSSL at [Downloads | Source-Old](http://www.openssl.org/source/old/). – jww May 19 '16 at 05:50
  • None of the Openssl version is vulnerable to "Poodle Tls ". Its different from Poodle sslv3 vulnerability. – bhushan5640 May 19 '16 at 05:59

0 Answers0