Hi,

there's a workaround here : https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

it aims to forbid protocol downgrade, except for interoperability
however I don't know when draft will be accepted and included to TLS protocols

Nicolas


----- Mail original -----
De: "Dominyk Tiller" <***@gmail.com>
À: openssl-***@openssl.org
Envoyé: Mardi 14 Octobre 2014 18:19:34
Objet: Re: Vuln in SSL 3.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

If there is a threat in SSLv3 it seems almost certain to affect OpenSSL.

The upstream dev team not commenting on this is probably fairly
standard protocol; I believe they don't comment on anything critical
that could be exploited before patches are imminent or available.

I guess the situation is "Watch this space".

Sent from Thunderbird for OS X. My PGP public key is automatically
attached to this email.
OpenSSL Project http://www.openssl.org
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJUPU0UAAoJEIclJNuddDJsNYUP/A00vuZ/PUsoIG/rORgw9yvj
Gg9IIfybSodxdVpeQeI98z1wxEh4+6p99MYmZTvJ3RnRATrMn2ymjrYbJz4Jj43q
0d3kg3QQCPnPimFkgCo2IwdT/K2TCZl2pAwIOJn5Mo25nGnVL7WpH62PXjtBLpvz
Im7WME5W8qzhZ+cHQJA3A+P5ow9q+aS++/bNk/dq80EON4/gyxRvu/BNl+/DmCfw
2SKP57k8huHj5F0voziNPKLPd2RBtgxS9iAEVZ9bmWLLTxdfTfTs19+VZRm2yyXw
KFM2DbeWJORrWkxO0yDPS5FNVv54brkmvu8Iu7Ge3fbYNXSAe5SKJMhmwiXone7S
XZFLY9KceZjj1jrX9JLDE8Ivp/gp+9W2LrafguZhYnSeZ2SRtx/vDloPDKrv1V/N
ny2EudnX+vN6KRMqfpcGc/NR3/ODfkHkXfKVuZ056oPxsSBCFJSzlVl2gDfMTCDV
fH+emZEN2lN9okRIbZadNlGy8Ef34ZvX52CzBonA1u30YI/PiSjiC+8l8HxjEDJv
VhZSJb2dwMJX/7AtXGcEL9C9avRmfzjFullbaCM5HDnKlwvUC/04HkYuydft66XW
VrILhscdrGiBOIiQTaJuiJPBavSQEt8LCYpZOS74icvlB5RzI8Mk8I6V976XzBoS
QAGulIxAp/+CYisBYr6j
=3vi3
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org