Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

A bug in DTLS will not get attention because people don't run DTLS.


Yea probably a poor choice of a OpenSSL vulnerability, I was assuming this was on by default even when using TLS like lot's of other OpenSSL features but then I found this line, "Only applications using OpenSSL as a DTLS client are affected."[1]

CVE-2012-2110 is probably a better choice.

[1]: https://www.openssl.org/news/secadv/20140605.txt


CVE-2012-2110 is probably a better choice.

From the openssl advisory[0], "In particular the SSL/TLS code of OpenSSL is not affected.".

[0] - https://www.openssl.org/news/secadv/20120419.txt




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: