Hi there,

This is debian stable (woody) openssl_0.9.6c-2.woody.4. I need to find out the following. This is from debian's changelog:

,----
| openssl (0.9.6c-2.woody.0) stable-security; urgency=low
|
|   * SECURITY: patch for various overflows (upstream security patch
|     0.9.6d->0.9.6e)
|
|  -- Michael Stone <[EMAIL PROTECTED]>  Mon, 29 Jul 2002 21:34:41 -0400
`----

I tried, but failed to identify if these specific changes:

,----
| Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
|
|   *) New option
|          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
|      for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
|      that was added in OpenSSL 0.9.6d.
|
| Changes between 0.9.6c and 0.9.6d  [9 May 2002]
|
|   *) Implement a countermeasure against a vulnerability recently found
|      in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
|      before application data chunks to avoid the use of known IVs
|      with data potentially chosen by the attacker.
|      [Bodo Moeller]
`----

are part of the patch mentioned above. Can anyone help me out?

Cheers,
Cristian

--
Real men don't click.

