Scott, I just checked the CVE ID's on mitre, and as of now ( 11:18 AM PST
1/26/17 ) they are all listed as 'reserved' and don't have any information
about the issue. NVD shows the same information. In either case, it seems
like an extra hoop to jump through to have to go to a third party site to
fi
The CVE itself contains the commit info. Find it at cve.mitre.org
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Ethan Rahn
Sent: Thursday, January 26, 2017 10:40 AM
To: openssl-users@openssl.org
Subject: [openssl-users] Should openssl publish the commit #'s that fix
Hello,
When looking a the latest security announcement, something that I notice is
that it's hard to find the actual commits that fixed an issue. If you
search git.openssl.org you can find some of them if they are mentioned in
the change message, but it still requires some active effort.
Would it
Thanks again!
-Senthil.
On Thu, Jan 26, 2017 at 9:27 PM, Matt Caswell wrote:
>
>
> On 26/01/17 15:53, Senthil Raja Velu wrote:
> > Hi Matt,
> > One other quick question, Is there a openssl utility code to just check
> > PRNG is initialized or NOT_SEEDED.
>
> See RAND_status().
>
> Matt
> --
>
On 26/01/17 15:53, Senthil Raja Velu wrote:
> Hi Matt,
> One other quick question, Is there a openssl utility code to just check
> PRNG is initialized or NOT_SEEDED.
See RAND_status().
Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi Matt,
One other quick question, Is there a openssl utility code to just check
PRNG is initialized or NOT_SEEDED.
That way I could verify the current running state of the application. The
other thing I am after is, it works some times but not other times.
Thanks,
Senthil.
On Thu, Jan 26, 2017
Hi Matt,
Thanks for such a detailed reply. I will work on the pointers provided. And
will plan to move openssl implementation to 1.0.2 series as suggested. I
will check the random method used if that is the cause of this issue.
Many thanks,
Senthil.
On Thu, Jan 26, 2017 at 3:38 PM, Matt Caswell
updates.
References
==
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20170126.txt
Note: the online version of the advisory may be updated with additional details
over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.0d released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.0d of our open sour
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.0.2k released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.2k of our open sour
On 26/01/17 04:38, Senthil Raja Velu wrote:
> Hi,
> I have a setup where the handshake between openssl server and client
> fails at times but not always. And when it does, the client keeps
> retrying and all of trials fail. Only way to recover is to restart the
> server.
>
> Currently on the se
11 matches
Mail list logo