>> Recently there has been some discussion on th Internet regarding so called >> null-prefix attacks, see >> http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf. Is openssl >> vulnerable to this attack? > I read the PDF and my first question would be. > How is this relevant to openssl, since it is normally only used for > creating and signing certificates > It is more up to a brower to do the proper checking; > That's why the PDF states > While many SSL/TLS implemntations fall victim to this, Mozila's NSS is > the worst.
Have you read this? http://it.slashdot.org/comments.pl?threshold=-1&mode=flat&commentsort=0&op=Change&sid=1325051 HTH ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
