[Ach] Issue with OpenSSL >0.9.8l
Jan
jan at jan-hill.com
Fri Apr 25 20:06:56 CEST 2014
Hi Aaron, maybe this is not a security fault, but it is in my opinion a bug in a software, that is used in this branch in different products. Actually I read a lot of mailing list and blogs and also git repos.
If I able to use my phone in a better way, I will write the bug to the openssl mailinglist, at the moment there is a lot of noise there. At least if I am back at home, i will write.
Cheers jan
On 25. April 2014 19:53:19 MESZ, Aaron Zauner <azet at azet.org> wrote:
>Hi Jan, Leon,
>
>This so far only concerns our project as our ciphersuite is not
>correctly handled by old OpenSSL versions and may end up being less
>secure than it actually should be. If you use our recommendations stay
>tuned for an updated version that tries to handle this issue. If you're
>using your own ciphersuite specs you should check what ciphers they
>allow for.
>
>It's not a software vulnerability (althoug these old versions of
>OpenSSL
>probably have plenty), it's an issue how OpenSSL interprets ciphersuite
>configurations.
>
>Aaron
>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Ach mailing list
>Ach at lists.cert.at
>http://lists.cert.at/cgi-bin/mailman/listinfo/ach
--
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140425/b90dbc59/attachment.html>
More information about the Ach
mailing list