Hi, I read the PDF and my first question would be. How is this relevant to openssl, since it is normally only used for creating and signing certificates It is more up to a brower to do the proper checking; That's why the PDF states While many SSL/TLS implemntations fall victim to this, Mozila's NSS is the worst.
If anyone disagrees, please explain why! HTH Regards, Serge Fonville On Tue, Aug 11, 2009 at 9:35 AM, Roger No-Spam<[email protected]> wrote: > Recently there has been some discussion on th Internet regarding so called > null-prefix attacks, see > http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf. Is openssl > vulnerable to this attack? > > /Roger > > ________________________________ > kolla in resten av Windows LiveT. Inte bara e-post - Windows LiveT är mycket > mer än din inkorg. Mer än bara meddelanden ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
