Severity: Unknown
Affected Package: openssl
Summary: SSLv2 ciphers negotiable despite being disabled
A malicious client could negotiate SSLv2 ciphers that had been disabled on the server and complete SSLv2 handshakes even when all SSLv2 ciphers were disabled, provided the SSLv2 protocol itself was not disabled via SSL_OP_NO_SSLv2. This weakened intended cipher restrictions. Fixed in the 0.7.4 release.
No specific recommendations provided.
Aliases: CVE-2015-3197
Published: January 30, 2016
Last Modified: January 30, 2016