风险等级: 中(zhōng)
  CVE标识符: : CVE-2015-0285
  建议日期 : 2015年3月19日

  描述

This vulnerability is found in the ssl3_client_hello function in s3_clnt.c (OpenSSL 1.0.2 before 1.0.2a). When exploited successfully, it may be possible for remote attackers to bypass cryptographic protections mechanisms via sniffing the network and brute force attack.

Users are advised to upgrade their OpenSSL to version 1.0.2a.

  解决方案