Per recommendation below, I built with the "openssl-e-0.9.6-stable-SNAP-20030323.tar.gz" snapshot this morning and all is well. The intermittant problems regarding dropping GIFs, etc are gone and preliminary testing looks good. I deduce from the thread history that this snapshot does indeed contain the "RSA Blinding" fix as well as the fix for the "Klima-Pokorny-Rosa attack"...
I am VERY interested in building with an official release and would greatly appreciate any info regarding when OpenSSL.org thinks it might release an official 0.9.6j. --- Pete Bobco --- -----Original Message----- From: Bodo Moeller [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2003 7:19 PM To: [EMAIL PROTECTED] Cc: Bobco, Pete Subject: Re: [openssl.org #541] Problem with the blinding patch Bobco, Pete <[EMAIL PROTECTED]>: > After applying the March 17, 2003 RSA Blinding patch, I am seeing > some intermittant problems when I browse to my test server to > retrieve pages. Sometimes a GIF file does not appear, but using the > Refresh key will get it. I am wondering if anyone else out there is > seeing similar oddities. Are there any server-side OpenSSL error messages? > Background: My scenario is using OpenSSL 0.9.6i as the baseline. [...] > > On a side note, it looks to me like the > "openssl-0.9.7-stable-SNAP-20030320" build mentioned below DOES NOT > contain the RSA Blinding fix... It does, although not literally the same fix as found in the patch. Please try the latest openssl-0.9.6-stable snapshot with your test server and report if you still observe problems. -- Bodo Möller <[EMAIL PROTECTED]> PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
