OVAL

[3.7] openssl: Multiple vulnerabilities (CVE-2017-3737, CVE-2017-3738)

ID: oval:org.secpod.oval:def:1800136
Date: (C)2018-03-29   (M)2024-04-17
Class: PATCH
Family: unix




CVE-2017-3737: Read/write after SSL object in error state

OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions; however, due to a bug it does not work correctly if SSL_read or SSL_write is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read/SSL_write is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer.

Fixed In: openssl 1.0.2n

Platform:
Alpine Linux 3.7
Product:
openssl
Reference:
8274
CVE-2017-3737
CVE-2017-3738
CVE    2
CVE-2017-3738
CVE-2017-3737
CPE    12
cpe:/a:openssl:openssl
cpe:/a:openssl:openssl:1.0.2b
cpe:/a:openssl:openssl:1.0.2a
cpe:/a:openssl:openssl:1.0.2d
...

© SecPod Technologies