OpenSSL improper handling of Change Cipher Spec message
Overview OpenSSL improperly handles Change Cipher Spec message in the initial SSL/TLS handshake. OpenSSL contains a flaw in the implementation of the Change Cipher Spec protocol that allows a MITM man-in-the-middle attacker to force a server and a client to use easily guessable cryptgraphic key...