[Ach] Issue with OpenSSL >0.9.8l <1.0.0

Aaron Zauner azet at azet.org
Fri Apr 25 04:53:03 CEST 2014


Argh. Typo again OpenSSL 0.9.7m. Which means the OpenSSL 0.9.8 tree is
entirely affected as are 0.9.7 versions that appeared later than 0.9.7m.

This has been reproduced on debian squeeze and probably affects EL5 as well
as older versions of Mac OS X.

Sorry for the confusion.

Aaron


On Fri, Apr 25, 2014 at 4:33 AM, Aaron Zauner <azet at azet.org> wrote:

> s/versions 0.9.8l/versions 0.9.8m/
>
>
> On Fri, Apr 25, 2014 at 4:32 AM, Aaron Zauner <azet at azet.org> wrote:
>
>> Hi,
>>
>> It was discovered that our recommendations select an inferior
>> Ciphersuite in OpenSSL versions 0.9.8l to at least 1.0.0.
>> https://github.com/puppetlabs/puppet/pull/2494#issuecomment-41351666
>>
>> This seems to be a flaw in how OpenSSL selects algorithms from a given
>> suite.
>>
>> Aaron
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140425/d1de5a98/attachment.html>


More information about the Ach mailing list