1. 3

  2. 2

    The strangest email just appeared on the OpenSSL list. I may be reading this too negatively, but to me it sounds like EMC (1) don’t understand how protocols are layered on top of each other and (2) are open to heartbleed. The email is from someone at VMAX, which is the EMC storage solution. A quick search suggests this could be EMCRemote on port 5414 (eg ftp://ftp.avamar.com/pub/rcm/vnx/tools/emcremote/EMCRemote%206.04.08%20User%20Guide.pdf and http://www.emc.com/collateral/hardware/specification-sheet/300-007-926-a01-secure-remort-support-gateway.pdf).

    Have I missed something? Do you think that the TLS is somehow encapsulated inside another protocol?

    Edit: OK, there’s now a reply that confirms my take. It’s worrying how deep this goes and how little EMC seem to understand.

    1. 1

      Given what a mess OpenSSL is and that there are no usable API docs, this is probably the case for most people using it.

      1. 1

        i don’t know the details, but openssl’s “mess” doesn’t really affect how one transport layers over another. openssl shouldn’t become the scapegoat for clelessness