Dear OpenSSL users,

I'd like to ask about CVE-2006-4339. As you may know, this vulnerability was reported a few days ago.

http://secunia.com/advisories/21709/
http://www.openssl.org/news/secadv_20060905.txt
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html

Apparently, I need to update or patch openssl. I run my site with apache + openssl. I'm concerned about illegal access to my site.

But I think this vulnerability doesn't affect my site, because I use openssl for https connections. I believe my web server doesn't receive and verify any certification such as X.509. If I use openssl to verify PKCS #1 v1.5 such as X.509 for S/MIME, this vulnerability will affect it. Is this right?

Additionally, the publicExponent of my RSA key is not 3.

    # openssl rsa -in server.key -text | grep publicExponent
    publicExponent: 65537 (0x10001)

I can't understand the implications of RSA signature forgery exactly. It is very difficult for me to understand.

Thanks in advance for your comments.

Best Regards,
mtbtaizo
