05 Jun 2014 Hello. My name is Masashi Kikuchi. Here is my story how I find the CCS Injection Vulnerability. ( CVE-2014-0224 ) The problem is that OpenSSL accepts ChangeCipherSpec (CCS) inappropriately during a handshake. This bug has existed since the very first release of OpenSSL. title Message flow for a full handshake Client->Server: ClientHello Server->Client: ServerHello opt Server->Client: Certificate Server->Client: ServerKeyExchange Server->Client: CertificateRequest end Server->Client: ServerHelloDone opt Client->Server: Certificate end Client->Server: ClientKeyExchange opt Client->Server: CertificateVerify end Client->Server: [ChangeCipherSpec] Client->Server: Finished Server->Client: [ChangeCipherSpec] Server->Client: Finished Client<->Server: Application Data In a correct handshake, the client and the server exchange messages in the order ...