You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The text was updated successfully, but these errors were encountered:
h2o
locked and limited conversation to collaborators
Dec 14, 2017
kazuho
changed the title
test
fix crash when logging TLS 1.3 properties (CVE-2017-1087)
Dec 15, 2017
kazuho
changed the title
fix crash when logging TLS 1.3 properties (CVE-2017-1087)
fix crash when logging TLS 1.3 properties (CVE-2017-10872)
Dec 15, 2017
The server segfaults when trying to emit the bits of a TLS 1.3 cipher-suite being used to the access-log (by specifying
%{ssl.cipher-bits}x
).To avoid the issue, users are advised to upgrade to version 2.2.4 or to disable the use of TLS 1.3 (by setting the
maximum-version
to1.2
).The issue was reported by @herumi in #1465.
The text was updated successfully, but these errors were encountered: