Re: [openssl-users] openSSL and SLOTH attack

2016-01-08 Thread Miriam Celi
Hello again OpenSSL users, I'm still trying to find out if the 1.0.2 and 1.0.0 branches are affected, and if so which versions and if there are versions with fixes available. Based on the changelog for the 1.0.2 branch (http://openssl.org/news/cl102.txt), version 1.0.1f which contains the fix was

Re: [openssl-users] openSSL and SLOTH attack

2016-01-07 Thread Miriam Celi
Michael Wojcik writes:
>
> As described on that web page, use OpenSSL 1.0.1f or later. That prevents the currently-practical SLOTH attack against RSA-MD5 client authentication.
>
> If you're using an OpenSSL release earlier than 1.0.1f, SLOTH is probably not your biggest problem.
>
> The au