Thanks for your bug report and sorry for the delay in responding. Ubuntu (and Debian) have the most complete blacklists available in the openssl- blacklist and openssl-blacklist-extra packages (unless someone has released 8192 bit somewhere).
I ran openssl-vulnkey on the attached certificate, and it is not in the database. However, I did get the ssl cert from https://bad.codefromthe70s.org using: $ openssl s_client -connect bad.codefromthe70s.org:443 then copied the certificate into a file. Running openssl-vulnkey on this file shows the certificate as compromised, and indeed, the cert from the website and the one supplied in this bug are different. I am therefore marking this bug as invalid. Please feel free to reopen if you have more information. ** Changed in: openssl-blacklist (Ubuntu) Status: New => Invalid ** Visibility changed to: Public -- openssl-vulnkey produces 'false negative' when testing with a weak key https://bugs.launchpad.net/bugs/246514 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
