mancha manc...@zoho.com:
Any reason for the s_client -fallback_scsv option check to be within an
#ifndef OPENSSL_NO_DTLS1 block?
Thanks for catching this. No, there's no good reason for that; I should
move it elsewhere.
Bodo
The ABI fix is committed, unfortunately RT number is off by one in commit
message, 3553 instead of 3552.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Been fixed since summer of 2014, if not earlier :)
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
OpenSSL version 0.9.8zc released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 0.9.8zc of our open
OpenSSL version 1.0.0o released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.0o of our open source
OpenSSL version 1.0.1j released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.1j of our open source
OpenSSL Security Advisory [15 Oct 2014]
===
SRTP Memory Leak (CVE-2014-3513)
Severity: High
A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a
Hi,
there's a workaround here :
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
it aims to forbid protocol downgrade, except for interoperability
however I don't know when the draft will be accepted and included in the TLS protocols
Nicolas
- Original message -
From: Dominyk Tiller
On 15/10/14 14:43, nicolas@free.fr wrote:
Hi,
there's a workaround here :
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
it aims to forbid protocol downgrade, except for interoperability
however I don't know when the draft will be accepted and included in the
TLS protocols
Running the openssl binary configured with no-ssl2:
$ openssl version
OpenSSL 1.0.1i 6 Aug 2014
$ openssl s_client -ssl2 2>&1 | fgrep ssl2
unknown option -ssl2
-ssl2 - just use SSLv2
-no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
That is, -ssl2 is an unknown
This is already fixed in https://github.com/akamai/openssl/tree/rsalz-monolith
which will be merged into the next release after 1.0.2
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
OpenSSL 0.9.8 End Of Life Announcement
==
The OpenSSL Project is today making the following announcement:
Support for version 0.9.8 will cease on 31st December 2015.
No further releases of 0.9.8 will be made
Great!
I suppose it fixes both - client and server ?
On 15 October 2014 15:59:13 CEST, Matt Caswell m...@openssl.org wrote:
On 15/10/14 14:43, nicolas@free.fr wrote:
Hi,
there's a workaround here :
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
it aims to forbid
I suppose it fixes both - client and server ?
The server-side is automatic: when it sees the SCSV fallback, it sends a fatal
alert back to the client.
Clients that will do fallback must call a new API; see the changes file.
--
Principal Security Engineer, Akamai Technologies
IM:
X509_get_signature_type() returns NID_undef for any certificate given.
Bug exists as far back as I could compile (0.9.6).
Attached patch for git master branch makes X509_get_signature_type() a
synonym for X509_get_signature_nid(), which makes more sense and won't
break anything because the
Adding patch
On Wed, Oct 15, 2014 at 9:38 PM, Ben Fogle benfo...@gmail.com wrote:
X509_get_signature_type() returns NID_undef for any certificate given.
Bug exists as far back as I could compile (0.9.6).
Attached patch for git master branch makes X509_get_signature_type() a
synonym for