Originally Posted by
dvarnai There's no official confirmation either and as far as we know that site might be looking at user agent for vulnerable webkit versions, which doesn't mean BlackBerry doesn't have its own set of patches in webkit, it just means the browser is based on that version. The list of ciphers doesn't contain the vulnerable cipher so the site is clearly unreliable for checking whether you are vulnerable or not. Blackberry has already evaded openssl vulnerabilities such as heartbleed, simply because BlackBerry uses its own crypto kernel. I don't say they are not using openssl for the browser but there's no proof either that they do, nor the site confirms that the vulnerability indeed exists in BlackBerry browser. The 25xx os that some guy has on the forums has a newer webkit version. If the site bases its detection on that, then it's explained why it says you are vulnerable yet we don't even have the vulnerable cipher
anyway all I'm saying is, something is clearly not right on that site, you can check for yourself. And there's also proof that BlackBerry doesn't use openssl everywhere either.
BlackBerry Q10 SQN100-3