Ulf Möller wrote:
>
> On Thu, Sep 21, 2000 at 03:09:06PM -0500, Ed Kubaitis wrote:
>
> > > How vulnerable is the current OpenSSL to the Bleichenbacher attack?
> > > Must be old hat by now, but someone brought it up at work.
> > > The source tree does not seem to contain the word 'bleichenbacher', ...
> >
> > Typo I think. Grep openssl-0.9.5a/CHANGES for "Bleich"
>
> You're right about the typo, but SSL doesn't support OAEP mode.
>
> The real fix for the Bleichenbacher attack was made in SSLeay
> 0.9.0b. See ftp://ftp.cert.dfn.de/pub/tools/crypt/ssleay/README.PKCS1

Thanks for the clarification!
- Dan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]