On Thu, Sep 21, 2000 at 03:09:06PM -0500, Ed Kubaitis wrote:
> > How vulnerable is the current OpenSSL to the Bleichenbacher attack?
> > Must be old hat by now, but someone brought it up at work.
> > The source tree does not seem to contain the word 'bleichenbacher', ...
>
> Typo I think. Grep openssl-0.9.5a/CHANGES for "Bleich"
You're right about the typo, but SSL doesn't support OAEP mode.
The real fix for the Bleichenbacher attack was made in SSLeay
0.9.0b. See ftp://ftp.cert.dfn.de/pub/tools/crypt/ssleay/README.PKCS1
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
