FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openssl -- crash on handshake

Affected packages
openssl-devel < 1.1.0e


VuXML ID 1a802ba9-f444-11e6-9940-b499baebfeaf
Discovery 2017-02-16
Entry 2017-02-16

The OpenSSL project reports:

Severity: High
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected.
This issue does not affect OpenSSL version 1.0.2.


CVE Name CVE-2017-3733