[Ach] [saag] POODLE in detail (was Re: NTP security, and thoughts on Hawaii)
Aaron Zauner
azet at azet.org
Tue Nov 4 18:54:10 CET 2014
* Aaron Zauner <azet at azet.org> [141104 18:46]:
> .) The cipherstring needs to work with the 0.9.8 as well as 1.0.1
> trees of OpenSSL. Both parse cipherstrings very differently,
> getting a result that will work on both took me a whole weekend
> - and, agreed, it looks terrible. But it works.
Actually writing the supporting testing script took me a weekend
(and fighting through the OpenSSL source code jungle with a machete),
not the cipherstring itself. It's actually not easy to understand
how OpenSSL works if you're not familiar with their codebase. Their
API is also difficult to use, which is why I sometimes come across
FOSS projects that wrongly implement SSL/TLS.
Aaron