2010 Security Vulnerability in TLS versions 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a

openssl-security-advisory-16-november-2010

Download Full Advisory (PDF) | Source

Notes:

TLS is used for encrypting HTTPS traffic that is used commonly for electronic commerce. Do not panic, just because a connection uses 1.0 doesn’t make it vulnerable. For example, one of the most common web servers, Apache, never uses OpenSSL internal caching and are not affected, as per the security advisory released by OpenSSL ( http://www.openssl.org/news/secadv_20101116.txt ). However, I still recommend to look for TLS 1.1 for sending any sensitive information such an online commerce. This information is available from your browser typically by clicking upon the secure lock icon next to the URL.