[Ach] Issue with OpenSSL >0.9.8l
Aaron Zauner
azet at azet.org
Fri Apr 25 19:53:19 CEST 2014
Hi Jan, Leon,
This so far only concerns our project as our ciphersuite is not
correctly handled by old OpenSSL versions and may end up being less
secure than it actually should be. If you use our recommendations stay
tuned for an updated version that tries to handle this issue. If you're
using your own ciphersuite specs you should check what ciphers they
allow for.
It's not a software vulnerability (althoug these old versions of OpenSSL
probably have plenty), it's an issue how OpenSSL interprets ciphersuite
configurations.
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140425/918f4c03/attachment.sig>
More information about the Ach
mailing list