Hi Steve,

I am also seeing AES along with GCM and RC4 in my search if I disable CBC. So can it guarantee that the client and server can still communicate? Also, if I use both endpoints with the same version of OpenSSL, can there also be any problem?

Regards,
Alok
On Tue, Nov 12, 2013 at 8:23 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
> On Tue, Nov 12, 2013, Alok Sharma wrote:
>
> > One of the OpenSSL vulnerabilities is:
> >
> > CVE-2013-0169:
> >
> > The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
> > in OpenSSL, do not properly consider timing side-channel attacks on a MAC
> > check requirement during the processing of malformed CBC padding, which
> > allows remote attackers to conduct distinguishing attacks and
> > plaintext-recovery attacks via statistical analysis of timing data for
> > crafted packets, aka the "Lucky Thirteen" issue.
> >
> > All versions of OpenSSL are affected including 1.0.1c, 1.0.0j and 0.9.8x
> >
> > Affected users should upgrade to OpenSSL 1.0.1d, 1.0.0k or 0.9.8y
> >
> > We use the DTLS 1.0 protocol.
> >
> > Does anyone know of any setting in openssl configuration that can be
> > tweaked to mitigate this vulnerability? E.g. a setting to not allow use of
> > algorithms with CBC etc.?
> >
>
> The vulnerability is addressed in the latest OpenSSL releases.
>
> If you disable CBC ciphers then you're only left with GCM and RC4. RC4 can't
> be used with DTLS and GCM is only supported in DTLS 1.2.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
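An added illustration of Steve's point, not code from this thread or from the OpenSSL project: the shell functions below parse lines in the layout of `openssl ciphers -v` (suite name, minimum protocol, Kx, Au, Enc, Mac), keep only the suites a DTLS 1.0 endpoint can negotiate (nothing that is TLS 1.2-only, and no RC4, since DTLS cannot use a stream cipher), and then drop the CBC-mode suites, which are the ones Lucky Thirteen concerns. The sample lines are constructed to match that layout and are not real tool output; the function names are mine. As far as I know the OpenSSL cipher-string syntax has no `CBC` keyword, so inspecting the `Enc=` column of the `-v` listing is the practical way to see what a "no CBC" policy actually leaves you with.

```shell
#!/bin/sh
# Constructed sample in the layout of `openssl ciphers -v`; not captured from a real build.
SAMPLE_CIPHERS='ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1'

# Keep only suites DTLS 1.0 can negotiate: DTLS 1.0 tracks TLS 1.1, so anything
# whose minimum protocol is TLSv1.2 (AEAD suites, SHA-2 HMAC suites) is out, and
# RC4 is out because DTLS cannot run a stream cipher over datagrams.
dtls10_usable() {
    awk '$2 != "TLSv1.2" && $5 !~ /^Enc=RC4\(/ { print }'
}

# Drop CBC-mode block-cipher suites. In the -v listing, AES/3DES/DES/CAMELLIA/
# SEED/IDEA/RC2 without a mode suffix are CBC; AESGCM, AESCCM and CHACHA20 are not.
drop_cbc() {
    awk '$5 !~ /^Enc=(AES|3DES|DES|CAMELLIA|SEED|IDEA|RC2)\(/ { print }'
}

# Count non-empty lines, always printing a clean integer.
count_suites() {
    awk 'NF { n++ } END { print n + 0 }'
}

# Suite names joined by single spaces.
suite_names() {
    awk '{ printf "%s%s", (NR > 1 ? " " : ""), $1 }'
}

# Helpers over the constructed sample (hypothetical names, for the checks below).
sample_dtls10_count()       { printf '%s\n' "$SAMPLE_CIPHERS" | dtls10_usable | count_suites; }
sample_dtls10_names()       { printf '%s\n' "$SAMPLE_CIPHERS" | dtls10_usable | suite_names; }
sample_dtls10_nocbc_count() { printf '%s\n' "$SAMPLE_CIPHERS" | dtls10_usable | drop_cbc | count_suites; }
sample_nocbc_names()        { printf '%s\n' "$SAMPLE_CIPHERS" | drop_cbc | suite_names; }

# To check a real installation instead of the sample:
#   openssl ciphers -v 'ALL' | dtls10_usable | drop_cbc
# An empty result means a DTLS 1.0 peer has nothing left to negotiate.
```

On the sample, removing CBC from the full list leaves only a GCM suite and RC4 (Steve's "only left with GCM and RC4"), and applying the DTLS 1.0 filter first and then removing CBC leaves nothing, which is why the fix for CVE-2013-0169 is to upgrade the library rather than to change the cipher string.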