The Akamai Blog

OpenSSL vulnerability (CVE-2014-0224)

The OpenSSL Project today disclosed new vulnerabilities in the widely used OpenSSL library. These vulnerabilities can potentially impact OpenSSL clients and servers worldwide.
The most interesting is the ChangeCipherSpec Injection, which would enable a man-in-the-middle attacker to force weaker ciphers into a communication stream.
Akamai SSL services (both Secure Content Delivery and Secure Object Delivery) have been patched for this vulnerability. The other vulnerabilities are relatively uninteresting for our environment - we don't support DTLS, and we don't enable SSL_MODE_RELEASE_BUFFERS.
