Re: [openssl-users] openSSL and SLOTH attack

2016-01-08 Thread Michael Sierchio
"Since the HMAC is only 96 bits long, even a generic collision requires only about 248 HMAC computations" But a sequence/call-flow diagram is on the page Sandeep referenced: http://www.mitls.org/pages/attacks/SLOTH - M ___ openssl-users mailing list To

Re: [openssl-users] openSSL and SLOTH attack

2016-01-08 Thread Michael Sierchio
2^48. Which is larger than 248, which was a cut-and-paste error. ;-) On Fri, Jan 8, 2016 at 11:00 AM, Michael Sierchio wrote: > "Since the HMAC is only 96 bits long, even a generic collision requires > only about 248 HMAC computations" > > But a sequence/call-flow diagram is

Re: [openssl-users] openSSL and SLOTH attack

2016-01-08 Thread Salz, Rich
Are you going to keep posting and posting until you get a response? :( Master branch, 1.1, is not released but will not be vulnerable (may already be fixed). 1.0.2 is not vulnerable. 1.0.1f and later are not vulnerable. 1.0.0 might be, and is end of life anyway so you should move off that. 0.9.8

[openssl-users] Difference in the methods for listing the FIPS ciphers

2016-01-08 Thread jonetsu
Hello, Using 1.0.1e running FIPS module 2.0.9, the following two commands for querying the ciphers do not yield the same results. There are more ciphers declared in the 'string' version. The 'environment variable' version: % OPENSSL_FIPS=1 openssl ciphers -v | The 'string' version: % openssl

[openssl-users] stunnel 5.29 released

2016-01-08 Thread Michał Trojnara
Dear Users, I have released version 5.29 of stunnel. The ChangeLog entry: Version 5.29, 2016.01.08, urgency: LOW * New features - New WIN32 icons. - Performance improvement: rwlocks used for locking with pthreads. * Bugfixes - Compilation

Re: [openssl-users] openSSL and SLOTH attack

2016-01-08 Thread Jeffrey Walton
On Fri, Jan 8, 2016 at 2:00 PM, Michael Sierchio wrote: > 2^48. Which is larger than 248, which was a cut-and-paste error. ;-) Right The bad guy should *not* be able to compute a MAC to perform the forgery within TCP's 2MSL bound and TLS timers. However, there's a keep

Re: [openssl-users] New opensssl sources with some missing files released on 2015-Dec-03

2016-01-08 Thread Matt Caswell
On 08/01/16 09:44, Pal, Kamal Kishor wrote: > Hi, > > Any update on packaging errors mentioned in my previous mail.. > > > > Further we notice the extracted openssl source “include” directory does > not have the header files as well. > > > > Any plan from Openssl team to re-package and

Re: [openssl-users] New opensssl sources with some missing files released on 2015-Dec-03

2016-01-08 Thread Pal, Kamal Kishor
Hi, Any update on packaging errors mentioned in my previous mail.. Further we notice the extracted openssl source "include" directory does not have the header files as well. Any plan from Openssl team to re-package and release again? Regards, Kamal From: Pal, Kamal Kishor Sent: Tuesday,

Re: [openssl-users] openSSL and SLOTH attack

2016-01-08 Thread Blumenthal, Uri - 0553 - MITLL
What is the problem with truncated 96-bit HMAC value? Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. From: Jakob Bohm Sent: Thursday, January 7, 2016 19:25 To: openssl-users@openssl.org Reply To: openssl-users@openssl.org Subject: Re: [openssl-users] openSSL and

Re: [openssl-users] openSSL and SLOTH attack

2016-01-08 Thread jonetsu
> Does FIPS mode prevent use of MD5: Yes. > Does FIPS mode prevent insecure uses of SHA-1 (a FIPS > algorithm): No. > Does FIPS mode prevent the SSL/TLS handshake from using 96 bit > truncated HMAC values: Probably not. > Does FIPS mode prevent use of the insecurely designed > 'tls-unique'

Re: [openssl-users] openSSL and SLOTH attack

2016-01-08 Thread Miriam Celi
Hello again OpenSSL users, I'm still trying to find out if the 1.0.2 and 1.0.0 branches are affected, and if so which versions and if there are versions with fixes available. Based on the changelog for the 1.0.2 branch (http://openssl.org/news/cl102.txt), version 1.0.1f which contains the fix

[openssl-users] Firefox problems with two way SSL auth

2016-01-08 Thread David Balažic
Hi! I encounter this issue when using Firefox to access tomcat (that is using openssl) with client cert authentication. After a certain timeout, the web application does not "see" the client's certificate in requests. The problem happens on different operating systems (Windows, Linux) and