
OpenSSL Security Advisory: 0-byte record padding oracle - cantorjf
https://www.openssl.org/news/secadv/20190226.txt
======
password4321
Previous discussion of the issue in general which affects many TLS
implementations:

[https://news.ycombinator.com/item?id=19256553](https://news.ycombinator.com/item?id=19256553)

> _We evaluated the Alexa Top Million Websites for CBC padding oracle
> vulnerabilities in TLS implementations and revealed vulnerabilities in 1.83%
> of them, detecting nearly 100 different vulnerabilities._

------
josteink
> This issue does not impact OpenSSL 1.1.1 or 1.1.0.

> OpenSSL 1.0.2 users should upgrade to 1.0.2r.

