On Fri, Nov 19, 2010, Muhammed Shafeek wrote:
> In the Advisory it is mentioned that
> "Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should update
> to the OpenSSL 0.9.8p release which contains a patch to correct this issue."
>
> What about users of OpenSSL releases before 0.9
In the Advisory it is mentioned that
"Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should update
to the OpenSSL 0.9.8p release which contains a patch to correct this issue."
What about users of OpenSSL releases before 0.9.8f? Isn't the vulnerability
applicable there as well?
Th
Thank you David and Nivedita. I think I got it.
-Pandit
From: Nivedita Melinkeri
To: Pandit Panburana
Cc: openssl-users@openssl.org
Sent: Thu, November 18, 2010 1:53:22 PM
Subject: Re: Question regarding OpenSSL Security Advisory
Hey Pandit,
>
So
ism. Is it the same thing as TLS session
>> caching or this is something different?
>>
>> Thank you,
>> - Pandit
>>
>> --
>> *From:* David Schwartz
>> *To:* openssl-users@openssl.org
>> *Cc:* Nivedita Melinkeri
>>
> *From:* David Schwartz
> *To:* openssl-users@openssl.org
> *Cc:* Nivedita Melinkeri
> *Sent:* Wed, November 17, 2010 4:15:36 AM
> *Subject:* Re: Question regarding OpenSSL Security Advisory
>
> On 11/16/2010 11:06 PM, Nivedita Melinkeri wrote:
>
> > Hi,
On 11/18/2010 7:26 AM, Pandit Panburana wrote:
I am not clear about the condition that vulnerability when using
internal session caching mechanism. Is it the same thing as TLS session
caching or this is something different?
The internal session caching mechanism caches TLS session information
Cc: Nivedita Melinkeri
Sent: Wed, November 17, 2010 4:15:36 AM
Subject: Re: Question regarding OpenSSL Security Advisory
On 11/16/2010 11:06 PM, Nivedita Melinkeri wrote:
> Hi,
> I had some questions about the latest security advisory. I understand
> that this applies to multi
On 11/16/2010 11:06 PM, Nivedita Melinkeri wrote:
Hi,
I had some questions about the latest security advisory. I understand
that this applies to multi-threaded application while using ssl sessions.
Correct.
If the application is written thread safe using
CRYPTO_set_locking_callback functions
Hi,
I had some questions about the latest security advisory. I understand that
this applies to multi-threaded application while using ssl sessions.
If the application is written thread safe using CRYPTO_set_locking_callback
functions will the vulnerability still apply?
If the ssl code calls th