hi guys, what about openssh, does it have some problem with this vulnerability?
2014-04-10 22:35 GMT-03:00 Viktor Dukhovni <openssl-us...@dukhovni.org>: > On Thu, Apr 10, 2014 at 06:16:33PM -0700, Wim Lewis wrote: > > > But if you're using TLS at all, then presumably this is because > > the TCPIP network over which TLS is running is potentially insecure > > in some way (e.g., it's the open internet); an attacker with the > > ability to send packets on that layer could start making TLS > > connections and extracting data even with no knowledge of your > > proprietary protocol. If you are in a situation where you are only > > concerned about purely passive eavesdroppers on that connection, > > though, then I believe you are safe. > > Lack of concern for MiTM attacks is quite different from lack of > concern about possible connections to the server from malicious > clients that are not in the middle of protected connections. > > Even using SSL only against passive attacks on legitimate connections, > one has to take care of security issues that can be exploited by > hostile clients. It is very unlikely that the OP can this one out. > > -- > Viktor. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > -- Roberto Spadim SPAEmpresarial Eng. Automação e Controle