gyara sakin ɗakin karatu na cryptographic , wanda a ciki ake kawar da shi (), yana haifar da ƙin sabis lokacin ƙoƙarin yin shawarwari dangane da haɗin TLS 1.3 tare da uwar garken da ke sarrafa maharin ko abokin ciniki. An ƙididdige raunin a matsayin babban tsanani.
Matsalar tana bayyana ne kawai a cikin aikace-aikacen da ke amfani da aikin SSL_check_chain() kuma yana sa tsarin ya rushe idan an yi amfani da tsawo na TLS "signature_algorithms_cert" ba daidai ba. Musamman, idan tsarin shawarwarin haɗin kai ya karɓi maras tallafi ko ƙimar da ba daidai ba don sarrafa sa hannu na dijital na algorithm din, NULL mai nuna rashin fahimta yana faruwa kuma tsarin ya rushe. Matsalar tana bayyana tun fitowar OpenSSL 1.1.1d.
source: budenet.ru