Re: Question regarding OpenSSL Security Advisory

2010-11-18 Thread Muhammed Shafeek
In the Advisory it is mentioned that "Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should update to the OpenSSL 0.9.8p release which contains a patch to correct this issue." What about users of OpenSSL releases before 0.9.8f? Isn't the vulnerability applicable there as well? Th

Re: Question regarding OpenSSL Security Advisory

2010-11-18 Thread Pandit Panburana
Thank you David and Nivedita. I think I got it. -Pandit From: Nivedita Melinkeri To: Pandit Panburana Cc: openssl-users@openssl.org Sent: Thu, November 18, 2010 1:53:22 PM Subject: Re: Question regarding OpenSSL Security Advisory Hey Pandit, > Sorry for

Re: OpenSSL 1.0.0b testssl fails

2010-11-18 Thread William A. Rowe Jr.
On 11/18/2010 12:05 PM, Victor Duchovni wrote: > > None that are publicly visible. You can check for yourself: > > No commits to the 0.9.8 branch after the release of 0.9.8p. > > http://cvs.openssl.org/chngview?cn=19996 I was aware of this. It's why I raised the question, if any of these

Re: Question regarding OpenSSL Security Advisory

2010-11-18 Thread Nivedita Melinkeri
> > Hey Pandit, > > Sorry for sending out the previous before it was complete. So here it goes > From what I understand the vulnerability can apply if: > > 1) Internal session caching is *not* disabled - This means the session > cache is maintained in SSL_CTX. > 2) Internal session cache L

Re: Question regarding OpenSSL Security Advisory

2010-11-18 Thread Nivedita Melinkeri
Hey Pandit, From what I understand the vulnerability can apply if: 1) Internal session caching is *not* disabled - This means the session cache is maintained in SSL_CTX. 2) Internal Lookup is not disabled - This means that the ssl code will lookup the session cache on receiving Clien

Re: OpenSSL 1.0.0b testssl fails

2010-11-18 Thread Victor Duchovni
On Thu, Nov 18, 2010 at 11:12:11AM -0600, William A. Rowe Jr. wrote: > On 11/18/2010 10:36 AM, Dr. Stephen Henson wrote: > > > > A 1.0.0c release is planned in the next few days. We're just seeing if any > > other issues arise before the release: a couple have been fixed already. > > Have any ob

Re: OpenSSL 1.0.0b testssl fails

2010-11-18 Thread Dr. Stephen Henson
On Thu, Nov 18, 2010, William A. Rowe Jr. wrote: > On 11/18/2010 10:36 AM, Dr. Stephen Henson wrote: > > > > A 1.0.0c release is planned in the next few days. We're just seeing if any > > other issues arise before the release: a couple have been fixed already. > > Have any observed issues affect

Re: OpenSSL 1.0.0b testssl fails

2010-11-18 Thread William A. Rowe Jr.
On 11/18/2010 10:36 AM, Dr. Stephen Henson wrote: > > A 1.0.0c release is planned in the next few days. We're just seeing if any > other issues arise before the release: a couple have been fixed already. Have any observed issues affected 0.9.8p? If so, is there a planned .8q?

Re: Question regarding OpenSSL Security Advisory

2010-11-18 Thread David Schwartz
On 11/18/2010 7:26 AM, Pandit Panburana wrote: I am not clear about the condition that vulnerability when using internal session caching mechanism. Is it the same thing as TLS session caching or this is something different? The internal session caching mechanism caches TLS session information

Re: OpenSSL 1.0.0b testssl fails

2010-11-18 Thread Dr. Stephen Henson
On Thu, Nov 18, 2010, Brodie Thiesfield wrote: > On Wed, Nov 17, 2010 at 9:38 AM, Victor Duchovni > wrote: > > On Tue, Nov 16, 2010 at 11:36:50PM +0100, Mounir IDRASSI wrote: > > > >> Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under > >> Ubuntu 8.04 LTS with gcc 4.2.4,

Re: Question regarding OpenSSL Security Advisory

2010-11-18 Thread Pandit Panburana
Hi, I am not clear about the condition that vulnerability when using internal session caching mechanism. Is it the same thing as TLS session caching or this is something different? Thank you, - Pandit From: David Schwartz To: openssl-users@openssl.org C

Re: OpenSSL 1.0.0b testssl fails

2010-11-18 Thread Brodie Thiesfield
On Wed, Nov 17, 2010 at 9:38 AM, Victor Duchovni wrote: > On Tue, Nov 16, 2010 at 11:36:50PM +0100, Mounir IDRASSI wrote: > >> Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under >> Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error. >> >> I don't see anything OS specifi

Re: problem with "pem" file, no start line. centos.

2010-11-18 Thread David Schwartz
On 11/18/2010 12:50 AM, Steve yongjin Shin wrote: -BEGIN RSA PRIVATE KEY- ...omitted.. -END RSA PRIVATE KEY- -BEGIN CERTIFICATE- ...omitted... -END CERTIFICATE- ===

problem with "pem" file, no start line. centos.

2010-11-18 Thread Steve yongjin Shin
Hi all. I have trouble with using certificates with openssl. os : centos5.4 kernel : 2.6.27.29 openssl-ver : 0.9.8e-fips-rhel5 At first, I created "rsa private key" and let's suppose this is test.key. with "test.key" I generated certificate request. and let's suppose this as test.csr with "tes