Re: OpenSSL Security Advisory: OCSP stapling vulnerability

2011-02-09 Thread Rob Stradling
Bodo, some comments inline... On Tuesday 08 Feb 2011 18:09:46 Bodo Moeller wrote: OpenSSL Security Advisory [8 February 2011] OCSP stapling vulnerability in OpenSSL snip Which applications are affected --- Applications are only affected if they act as a server

Re: OpenSSL Security Advisory: OCSP stapling vulnerability

2011-02-09 Thread Bodo Moeller
Thanks, Rob; I have updated the Security Advisory at http://www.openssl.org/news/secadv_20110208.txt. Bodo

OpenSSL Security Advisory: OCSP stapling vulnerability

2011-02-08 Thread Bodo Moeller
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL Security Advisory [8 February 2011] OCSP stapling vulnerability in OpenSSL == Incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message. This issue

OpenSSL Security Advisory: OCSP stapling vulnerability

2011-02-08 Thread Bodo Moeller
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL Security Advisory [8 February 2011] OCSP stapling vulnerability in OpenSSL == Incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message. This issue