FreeBSD Security Advisory - Invoking SSL_read()/SSL_write() while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. Various other issues were addressed. Continue reading...
