- Home
- CVEs with nessus.description==The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1
before 1.0.1i allows man-in-the-middle attackers to force the use of
TLS 1.0 by triggering ClientHello message fragmentation in
communication between a client and server that both support later TLS
versions, related to a 'protocol downgrade' issue.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top