Hello users,
NVD vulnerability database confirms the below link as the patch for
CVE-2014-5139 -
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0
This is indicating to CVE-2014-2970.
Where as, the commit for CVE-2014-5139 seems to be -
Hello Users,
Just want to understand the impact of openssl for RC4 Bar mitzvah attack.
Please correct me if my understanding is wrong, basically this attack is
triggered based on the design of RC4.
openssl is one of the implementers of RC4 algo.
I am not sure if there will be any design change
Hello,
I see a fix for logjam has been provided from 1.0.1 and 1.0.2 versions of
openssl.
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
Does that imply 0.9.8 is not impacted by logjam? Also, Is it not required
to disable export cipher suites in 0.9.8 version?
Hello users,
Is there any fixes available from openSSL community for the SLOTH attack -
http://www.mitls.org/pages/attacks/SLOTH
or what are the possible mitigation points?
Thanks
Sandeep
___
openssl-users mailing list
To unsubscribe:
boun...@openssl.org>
On 11/04/16 19:12, Sandeep Umesh wrote:
> Hello
>
> Can someone please provide more information on CVE-2016-2842? Is this
> different from CVE-2016-0799 ? Looks like this CVE information is not
> captured in the advisory -
> _http://openssl.org/n
Hello
Can someone please provide more information on CVE-2016-2842? Is this
different from CVE-2016-0799 ? Looks like this CVE information is not
captured in the advisory -
http://openssl.org/news/secadv/20160301.txt
Also, does this below patch fixes both CVE-2016-2842 and CVE-2016-0799 -
Hello
How can anyone test if the server is susceptible to DROWN CVE?
Possibly one of the methods is to check at https://drownattack.com/#check
Apart from this, will be below command also be useful to verify for the
impact? -
$ openssl s_client -connect : -ssl2
Regards
Sandeep
--
Hi
Has this been officially published in openSSL ? Haven't seen a security
advisory for the same.
Regards
Sandeep
From: "Salz, Rich"
To: "openssl-users@openssl.org"
Date: 08/13/2016 12:51 AM
Subject:Re: [openssl-users]
Hi
Can you please clarify if CVE-2016-7055 only impact x86_64 platform ? What
about other platforms listed in crypto/bn/asm/ folder which has Montgomery
multiplication procedure, is it impacted ?
Thanks
Regards
Sandeep
--
openssl-users mailing list
To unsubscribe:
Hello Matt
Are you planning to provide TLSv1.3 support for openSSL 1.0.2 version ?
Thanks
Sandeep
From: Matt Caswell
To: "openssl-users@openssl.org" ,
"openssl-...@openssl.org"
Date: 05/04/2017 06:52
Hello
As per this blog:
https://www.openssl.org/blog/blog/2017/10/27/steve-marquess/
Steve who is instrumental in handling FIPS certification for openssl object
module is no more associated with OSF.
How can we proceed for future FIPS certification ? Is there any other
contact person to perform
Hello
While the beta version has been released now, please let us know if there is any timeline to release the actual 3.0 version ?
What changes are expected to be 3.0 version compared to its beta ? it is restricted to bug-fixes only ?
Thanks
Regards
Sandeep
12 matches
Mail list logo