SSL broken. (TLS 1.0 cryptographic attack that works. Not just fake certs.)

[wladimir]

This is scary. Would this also affect SSH (which uses OpenSSL) and SSL-based VPNs? Or is it specific to SSL in the browser?

[dramaticus3]

That's what I'm trying to find out too. TLS is used in many more places than HTTPS, email for instance (my area).

    Received: from TX2EHSOBE001.bigfish.com (tx2ehsobe001.messaging.microsoft.com [65.55.88.11])
   	(using TLSv1 with cipher AES128-SHA (128/128 bits))