:23 PM, Dr. Stephen Henson st...@openssl.org wrote:
On Tue, Nov 12, 2013, Alok Sharma wrote:
One of the openSSL vulnerabilities is:
CVE-2013-0169:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
in OpenSSL, , do not properly consider timing side-channel
Hi Steve,
Thanks for reply. Do you have idea how CBC ciphers can be disabled?
Regards,
Alok
On Tue, Nov 12, 2013 at 8:23 PM, Dr. Stephen Henson st...@openssl.org wrote:
On Tue, Nov 12, 2013, Alok Sharma wrote:
One of the openSSL vulnerabilities is:
CVE-2013-0169:
The TLS
On Tue, Nov 12, 2013, Alok Sharma wrote:
One of the openSSL vulnerabilities is:
CVE-2013-0169:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
in OpenSSL, , do not properly consider timing side-channel attacks on a MAC
check requirement during the processing
One of the openSSL vulnerabilities is:
CVE-2013-0169:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
in OpenSSL, , do not properly consider timing side-channel attacks on a MAC
check requirement during the processing of malformed CBC padding, which
allows remote
Hello!
I'm currently working with openssl-0.9.8.y. As we can see in the changelog
in the official openssl page there is a correct fix concerning
the CVE-2013-0169 which is only available at version openssl-1.0.1.e.
My question is when do you plan to include this change in the series
0.9.8
On Thu, Sep 26, 2013, Costas Stasimos wrote:
Hello!
I'm currently working with openssl-0.9.8.y. As we can see in the changelog
in the official openssl page there is a correct fix concerning
the CVE-2013-0169 which is only available at version openssl-1.0.1.e.
My question is when do you
I too face this same scenario as Raajesh. Can anyone provide details
on the exact patch for CVE-2013-0169 that was applied to OpenSSL version
0.9.8y?
Thank you,
~Ryan
On 03/06/2013 12:15 AM, Raajesh Sivaramakrishnan wrote:
Hi,
The product that I am working on is running on OpenSSL
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Monday, 25 February, 2013 03:07
On 2/25/2013 4:26 AM, Dave Thompson wrote:
snip my mistake
The attack is against the specific timing differences that occur when
directly implementing the RFC suggested countermeasure against
On 2/25/2013 4:26 AM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Friday, 22 February, 2013 05:06
On 2/21/2013 11:12 AM, Mozes, Rachel wrote:
[other reports say issue]
affects just The TLS protocol *_1.1 and 1.2_* and the DTLS
protocol 1.0
and
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Friday, 22 February, 2013 05:06
On 2/21/2013 11:12 AM, Mozes, Rachel wrote:
[other reports say issue]
affects just The TLS protocol *_1.1 and 1.2_* and the DTLS
protocol 1.0
and 1.2, but in the OpenSSL announcements
Hi all,
Recently, OpenSSL Security Advisory sent a message about a new vulnerability
which was found and numbered as CVE-2013-0169. This announcement advises all
SSL and TLS users to upgrade the OpenSSL version.
But from a quick Google search, it looks like there is a contradiction between
On 2/21/2013 11:12 AM, Mozes, Rachel wrote:
Hi all,
Recently, OpenSSL Security Advisory sent a message about a new
vulnerability which was found and numbered as CVE-2013-0169. This
announcement advises all SSL and TLS users to upgrade the OpenSSL version.
But from a quick Google search
Hi all,
There were 13 upstream commits for fixing the Lucky-13 issue in
openssl 0.9.8. For this issue, thousands of lines of code were
modified/deleted. Is there any method or POC code for verification? Any ideas?
Thanks!
--
GNU powered it...
GPL protect it...
God blessing it...
regards
Shawn