Antoine Pitrou added the comment:
Sorry to reopen :-). It seems OpenSSL 1.0.1d was a kind of "brown paper bag"
release, they've released 1.0.1e since (some of test_ssl can fail on 1.0.1d and
succeed on 1.0.1e, as experienced on my Linux setup; the Windows buildbots also
exhibit similar failures).
Following is their description of the fix:
“Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
*) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
supporting platforms or when small records were transferred.
[Andy Polyakov, Steve Henson]”
----------
status: closed -> open
versions: -Python 3.3
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue17425>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
