On Fri, Nov 19, 2010, Muhammed Shafeek wrote:
In the Advisory it is mentioned that
Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should
update
to the OpenSSL 0.9.8p release which contains a patch to correct this issue.
What about users of OpenSSL releases before 0.9.8f ?
To: openssl-users@openssl.org
Cc: Nivedita Melinkeri nivedita...@gmail.com
Sent: Wed, November 17, 2010 4:15:36 AM
Subject: Re: Question regarding OpenSSL Security Advisory
On 11/16/2010 11:06 PM, Nivedita Melinkeri wrote:
Hi,
I had some questions about the latest security advisory. I understand
On 11/18/2010 7:26 AM, Pandit Panburana wrote:
I am not clear about the condition that vulnerability when using
internal session caching mechanism. Is it the same thing as TLS session
caching or this is some thing different?
The internal session caching mechanism caches TSL session
Schwartz dav...@webmaster.com
*To:* openssl-users@openssl.org
*Cc:* Nivedita Melinkeri nivedita...@gmail.com
*Sent:* Wed, November 17, 2010 4:15:36 AM
*Subject:* Re: Question regarding OpenSSL Security Advisory
On 11/16/2010 11:06 PM, Nivedita Melinkeri wrote:
Hi,
I had some questions about
--
*From:* David Schwartz dav...@webmaster.com
*To:* openssl-users@openssl.org
*Cc:* Nivedita Melinkeri nivedita...@gmail.com
*Sent:* Wed, November 17, 2010 4:15:36 AM
*Subject:* Re: Question regarding OpenSSL Security Advisory
On 11/16/2010 11:06 PM, Nivedita
From: David Schwartz dav...@webmaster.com
To: openssl-users@openssl.org
Cc: Nivedita Melinkeri nivedita...@gmail.com
Sent: Wed, November 17, 2010 4:15:36 AM
Subject: Re: Question regarding OpenSSL Security Advisory
On 11/16/2010 11:06 PM, Nivedita Melinkeri wrote
In the Advisory it is mentioned that
Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should
update
to the OpenSSL 0.9.8p release which contains a patch to correct this issue.
What about users of OpenSSL releases before 0.9.8f ? Isn't the vulnerability
applicable there as well?
On 11/16/2010 11:06 PM, Nivedita Melinkeri wrote:
Hi,
I had some questions about the latest security advisory. I understand
that this applies to multi-threaded application while using ssl sessions.
Correct.
If the application is written thread safe using
CRYPTO_set_locking_callback
Hi,
I had some questions about the latest security advisory. I understand that
this applies to multi-threaded application while using ssl sessions.
If the application is written thread safe using CRYPTO_set_locking_callback
functions will the vulnerability still apply ?
If the ssl code calls