On 09/12/2014 21:46, Jeffrey Walton wrote:
On Tue, Dec 9, 2014 at 2:07 PM, Amarendra Godbole
amarendra.godb...@gmail.com wrote:
So Adam Langley writes SSLv3 decoding function was used with TLS,
then the POODLE attack would work, even against TLS connections. on
his the latest POODLE affecting
On 11/12/2014 13:45, Richard Moore wrote:
On 11 December 2014 at 10:20, Thirumal, Karthikeyan
kthiru...@inautix.co.in mailto:kthiru...@inautix.co.in wrote:
Dear team,
Can someone tell me why the error is happening as SSPI failed ? Am
seeing this new today and when I searched the
I had similar trouble a while ago.
I understood that if crypto/ssl application need to use RAND method before
the intended engine is loaded, default_RAND_method would be populated with
RAND_SSLeay().
ENGINE_set_RAND wouldn't overwrite this as rand wrappers prefer
default_RAND_method than
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of Jeffrey Walton
Sent: Thursday, December 11, 2014 16:26
To: OpenSSL Users List
Subject: Re: [openssl-users] CVE-2011-1473 fixed version
I wasn't involved at the time, but reading about it now CVE-2011-1473
On Fri, Dec 12, 2014 at 5:23 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 09/12/2014 21:46, Jeffrey Walton wrote:
On Tue, Dec 9, 2014 at 2:07 PM, Amarendra Godbole
amarendra.godb...@gmail.com wrote:
So Adam Langley writes SSLv3 decoding function was used with TLS,
then the POODLE attack
Ok, thanks and good to know! I also ran a test as follows:
1. adb shell
2. openssl
3. OpenSSL engine dynamic –pre
SO_PATH:/system/lib/ssl/engines/libsslengine.so –pre ID:sslengine –pre LOAD
4. OpenSSL rand -hex 512
5. I checked debug output and default_RAND_method was null which caused it
to be