Hi,
It may not be relevant, but I'm running SLES 10 SP3 which is a very
old version of the OS and I can't upgrade it due to some installed
products. When I try to do a wget I'm seeing the error:
OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1
alert protocol version
What does
On 16/04/18 16:59, Scott Neugroschl wrote:
> Hi,
>
> I'm trying to make sure I have grokked this advisory properly.
>
> The advisory says this is a cache timing side channel attack on key
> generation. So am I correct in assuming that a potential attacker must
>
> 1) Already have access to
On 16/04/18 0935PDT, Matt Caswell wrote:
>On 16/04/18 16:59, Scott Neugroschl wrote:
>> Hi,
>>
>> I'm trying to make sure I have grokked this advisory properly.
>>
>> The advisory says this is a cache timing side channel attack on key
>> generation. So am I correct in assuming that a
Hi,
I'm trying to make sure I have grokked this advisory properly.
The advisory says this is a cache timing side channel attack on key generation.
So am I correct in assuming that a potential attacker must
1) Already have access to the system
2) Have sufficient privilege to be able to access
2018 by Alejandro Cabrera
Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
The fix was developed by Billy Brumley.
References
==
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20180416.txt
Note: the online version of the advisory may
On 16/04/18 11:38, Matt Caswell wrote:
>
>
> On 16/04/18 09:19, marcus.schafheu...@gmx.de wrote:
>> SSL_set_bio(ssl, NULL, NULL); // free BIOs when finished
>
> There should be no reason to do this. The BIO's will get freed
> automatically by the SSL_free() call.
>
>
>> Is this a faulty
On Mon, Apr 16, 2018 at 02:27:17PM -0400, Rob Marshall wrote:
> Hi,
>
> It may not be relevant, but I'm running SLES 10 SP3 which is a very
> old version of the OS and I can't upgrade it due to some installed
> products. When I try to do a wget I'm seeing the error:
>
> OpenSSL:
The server is rejecting the connection because it doesn't like the SSL/TLS
version range that wget is offering. Anything prior to TLSv1.1 suffers from
vulnerabilities that can be exploited under practical conditions, so many
servers reject older protocol versions.
You don't have to upgrade
Hi,
I built and installed OpenSSL 1.0.2n and I'm still seeing the problem.
I originally tried to build/install 1.1.0h but my goal was to
build/install an updated OpenSSH (7.7.p1) and it wouldn't build with
that version and a straight 1.1.0 build failed. So I went with the
most recent 1.0.2 (in
It may be how the (probably somewhat outdated) version of wget is using the
openssl API. Try "openssl s_client -connect server:port", using the server and
port you're trying to get wget to connect to.
--
openssl-users mailing list
To unsubscribe:
Hi,
The command I'm running is:
wget --no-check-certificate https://bootstrap.pypa.io/get-pip.py
So in this particular case the host is: bootstrap.pypa.io. I was
trying to install the Python pip command.
Rob
On Mon, Apr 16, 2018 at 5:53 PM, Salz, Rich via openssl-users
Hi,
When I do that I see, among other things:
...
SSL-Session:
Protocol : TLSv1.2
Cipher: ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 9B63040F2D2F498F610A84E4A9D9017AF375772DFDDA760378666391A17C2C75
...
When I tried to force TLSv1.2 I got:
hostname:~ # wget --no-check-certificate
You didn't answer the question that was asked.
Which host?
On 4/16/18, 4:23 PM, "Rob Marshall" wrote:
Hi,
I built and installed OpenSSL 1.0.2n and I'm still seeing the problem.
I originally tried to build/install 1.1.0h but my goal was to
Hello,
we encountered a strange behaviour of OpenSSL 1.1.0 when our test with "sslscan" provokes an unfinished
handshake. The problem exists since OpenSSL 1.1.0 - there were no problems with OpenSSL 1.0.2x.
Our asynchronous communication approach uses memory BIOs in order to read/write data
On 16/04/18 09:19, marcus.schafheu...@gmx.de wrote:
> SSL_set_bio(ssl, NULL, NULL); // free BIOs when finished
There should be no reason to do this. The BIO's will get freed
automatically by the SSL_free() call.
> Is this a faulty behavior of OpenSSL 1.1.0 or is the fault on my side?
This
15 matches
Mail list logo