Openssl vulnerability -- Adobe Connect 8.2

Question

What is the supported patch / fix for Adobe Connect 8.2 and Openssl vulnerabilities discovered over the last few months? I'm assuming it is due to an old stunnel implementation.

The remote service accepted an SSL ChangeCipherSpec message at an incorrect point in the handshake  leading to weak keys being used, and then attempted to decrypt an SSL record using those weak keys.

CVE-2010-5298 

CVE-2014-0076 

CVE-2014-0195

 CVE-2014-0198 

CVE-2014-0221

 CVE-2014-0224

CVE-2014-3470

Jorma_at_Knox · Answer

You should go and download the Stunnel application and replace the version included with Connect 8.2. stunnel: Downloads

So you are aware, Connect 9 and newer installers no longer come with Stunnel, So you will need to go to Stunnel's site to download the latest version when upgrading (unless you are already on the latest version).

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded