Hi Eugene, > The point is that SSH does not exchange x509 certificates. It has its > own key exchange protocol. Probably(?) it is not ASN1 based.
Yeah. I've been reading the vendor reports on Bugtraq when they released patches fpr this OpenSSL issue. The reports from SuSE and Debian (if I remember correctly) give some ideas that OpenSSH is not affected. -- With best regards, Michael Stauber _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
