http://opensslrampage.org/post/88383880093
I don't know if this has in fact been given to the OpenSSL team yet. I am not jsing, and I am not involved in the OpenBSD audit. However, this is important. If MD5 passes, but SHA1 fails, then the MAC verification will pass. This reduces the security of the handshake to MD5. I don't know where ssl3_final_finish_mac() is called from, if it's limited to SSLv3 or if it's also called from TLS. -Kyle H
smime.p7s
Description: S/MIME Cryptographic Signature
