>>>>>> I've been getting reports from users who see issues with openssl
>>>>>> after the upgrade from 1.0.1c to 1.0.1e
>>>>>>
>>>>>> See:
>>>>>> http://bugs.debian.org/678353#10
>>>>> I tried on my Intel Core i7-3770S with 1.0.1e connecting to his
>>>>> mail server and was unable to reproduce with the stock 1.0.1e
>>>>> I built.
>>>>>
>>>> I got another bug report now:
>>>> http://bugs.debian.org/701868
>>>>
>>>> Both users report that using OPENSSL_ia32cap=~0x200000200000000
>>>> fixes their problem.
>>> And I've also been pointed to:
>>> http://forums.otterhub.org/viewtopic.php?f=62&t=18941
>>>
>>> It seems various users are affected by this.
>> There seem to be several problems... As for AES-NI you seem to have
>> missed the fix for zero-length TLS fragments,
>> http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc90e42c8623af13308d8ef7e7ada84af0a36509.
>>
>> I mean I did 'apt-get source openssl' on an Ubuntu machine, applied your
>> CVE-2013-0169.patch manually and there is no NO_PAYLOAD_LENGTH... This
>> means that if an AES-NI enabled machine talks to a server that supports
>> the zero-length countermeasure, you are in trouble.
> 
> I don't have anything to do with the Ubuntu upload.

Oops! I apologize:-)

> The Debian package
> is a real 1.0.1e version, not a backport of patches, that does have that
> patch applied.

I can't reproduce the problem with 'openssl s_client -connect 
mail.uni-paderborn.de:465' from 
http://www.openssl.org/source/openssl-1.0.1e.tar.gz. Server is mentioned 
on http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678353#10.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
