On Wed, Feb 06, 2013, Brad House wrote:

> On 02/06/2013 01:37 PM, Dr. Stephen Henson wrote:
> > A possibility is the AESNI+SHA1 stitched code which is handled as a special
> > case. You'd only see that with AES+SHA1 ciphersuites on AES-NI supporting
> > processors.
>
> DHE-RSA-CAMELLIA256-SHA also has the same issue. I'm thinking it may be
> a -SHA issue as the only -SHA cipher I've gotten to work so far is RC4-SHA.
> Note though the TLSv1.2+HIGH ciphers that use SHA256 and greater look fine.
>
Hmmm... if it's a problem with the CVE-2013-0169 it would appear when you select a ciphersuite using a block cipher. So AES would exhibit it but not RC4 and not AES-GCM. Possibly a problem with the constant time SHA1 code but then shouldn't get that in FIPS mode.... weird.

In ssl/s3_cbc.c and the function ssl3_cbc_record_digest_supported try setting it to return 0 when NID_sha1 is passed.

> Have you not been able to reproduce this issue? I've seen it on more than
> one machine.
>

I've not seen it yet, no. Do you get the same problem with OpenSSL 1.0.0k?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
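The bisection Steve's reply implies (block cipher + SHA1 suites vs RC4 vs AES-GCM vs SHA256 suites) can be driven from `openssl ciphers -v` output. The helper below is an added example, not code from the thread or from OpenSSL; it groups suites by which record-protection path they use and works on a constructed sample in `openssl ciphers -v` format.

```shell
#!/bin/sh
# Added triage helper, not code from the thread or from OpenSSL.
# Splits `openssl ciphers -v` output into the groups distinguished above:
# AEAD (GCM), stream (RC4) and CBC suites, the last split further by whether
# the record MAC is SHA1 (the constant-time SHA1 path suspected in the reply).
# SAMPLE is a constructed set of lines in `openssl ciphers -v` format.

SAMPLE='ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1'

# classify_suite ENC MAC: print which record-protection path a suite uses.
# ENC and MAC are the "Enc=..." and "Mac=..." fields of one `ciphers -v` line.
classify_suite() {
  case "$2" in
    Mac=AEAD) echo aead; return ;;     # GCM: no CBC padding, no per-record HMAC
  esac
  case "$1" in
    Enc=RC4*) echo stream; return ;;   # RC4: stream cipher, no CBC padding either
  esac
  case "$2" in
    Mac=SHA1) echo cbc-sha1 ;;         # block cipher + SHA1 MAC: the suspected path
    *)        echo cbc-other ;;        # block cipher with MD5/SHA256/SHA384 MAC
  esac
}

# classify_all: read `ciphers -v` lines from stdin, print "<group> <suite>".
classify_all() {
  while read -r name _ver _kx _au enc mac; do
    [ -n "$name" ] || continue
    printf '%s %s\n' "$(classify_suite "$enc" "$mac")" "$name"
  done
}

# suspect_suites: names of the suites in SAMPLE that hit the CBC + SHA1 path,
# i.e. the ones to try first when narrowing down a failure like the one reported.
suspect_suites() {
  printf '%s\n' "$SAMPLE" | classify_all | awk '$1 == "cbc-sha1" { print $2 }'
}

suspect_suites
```

Against a real build, feed the live list instead of the sample: `openssl ciphers -v 'ALL' | classify_all | sort`.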