The text was updated successfully, but these errors were encountered:
h2o
locked and limited conversation to collaborators
Dec 14, 2017
kazuho
changed the title
test
fix crash when logging TLS 1.3 properties (CVE-2017-1087)
Dec 15, 2017
kazuho
changed the title
fix crash when logging TLS 1.3 properties (CVE-2017-1087)
fix crash when logging TLS 1.3 properties (CVE-2017-10872)
Dec 15, 2017
The server segfaults when trying to emit the bits of a TLS 1.3 cipher-suite being used to the access-log (by specifying
%{ssl.cipher-bits}x).To avoid the issue, users are advised to upgrade to version 2.2.4 or to disable the use of TLS 1.3 (by setting the
maximum-versionto1.2).The issue was reported by @herumi in #1465.
The text was updated successfully, but these errors were encountered: