News and Notes from the Makers of Nexus | Sonatype Blog

Fuzz-o-Matic Finds Critical Flaw in OpenSSL

Written by Ali Loney | May 14, 2012

Help Net Security – (International) Fuzz-o-Matic finds critical flaw in OpenSSL. Codenomicon helped identify a critical flaw in widely used encryption software. A flaw in OpenSSL's handling of CBC mode ciphersuites in TLS 1.1, 1.2, and DTLS can be exploited in a denial-of-service attack on both client and server software. The flaw was found with Fuzz-o-Matic, a cloud-based testing platform. The TLS security protocol is the current Internet standard for encrypting and authenticating application traffic. TLS is used daily by millions of people in online banking, ecommerce, e-mail, and voice-over-IP applications. OpenSSL is an open-source implementation of TLS. It is used in standard operating systems, Web browsers, e-mail clients, and network devices, from WiFi access points and DSL modems to industrial-strength core routers.