Quoting form the draft of the OpenSSL upstream advisory: SSL_peek() hang on empty record (CVE-2016-6305) =============================================== Severity: Moderate OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack. OpenSSL 1.1.0 users should upgrade to 1.1.0a This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.
Acknowledgments: Name: the OpenSSL project Upstream: Alex Gaynor
Created attachment 1203332 [details] OpenSSL upstream fix
Upstream bug with reproducer: https://github.com/openssl/openssl/issues/1563
This issue only affected OpenSSL 1.1.0, which is not yet part of any Red Hat product.
External References: https://www.openssl.org/news/secadv/20160922.txt
Upstream commit: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=63658103d4441924f8dbfc517b99bb54758a98b9