[Ach] [saag] POODLE in detail (was Re: NTP security, and thoughts on Hawaii)

Aaron Zauner azet at azet.org
Tue Nov 4 18:54:10 CET 2014


* Aaron Zauner <azet at azet.org> [141104 18:46]:
>   .) The cipherstring needs to work with the 0.9.8 as well as 1.0.1
>      trees of OpenSSL. Both parse Cipherstrings very differently,
>      getting a result that will work on both took me a whole weekend
>      - and, agreed, it looks terrible. But it works.

Actually writing the supporting testing script took me a weekend
(and fighting through the OpenSSL source code jungle with a machete),
not the cipherstring itself. It's actually not easy to understand
how OpenSSL works if you're not familiar with their codebase. Their
API is also difficult to use, which is why I sometimes come across
FOSS projects that wrongly implement SSL/TLS.

Aaron