On Thu, Sep 21, 2000 at 12:13:47PM -0700, Dan Kegel wrote:
> How vulnerable is the current OpenSSL to the Bleichenbacher attack?
> Must be old hat by now, but someone brought it up at work.
> The source tree does not seem to contain the word 'bleichenbacher',
> and it's only been mentioned in passing on this list.
>
> TLS ( http://www.ietf.org/rfc/rfc2246.txt ) notes that the
> attack relies on the server responding differently depending
> on whether the RSA block is formatted correctly or not:
IIRC, SSLeay 0.9.0 was vulnerable and 0.9.0b was released
to avoid the problem.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
