I'm trying to make sure I completely understand the situation with
respect to the "TLS ephemeral ECDH crash" issue (from
http://openssl.org/news/secadv_20110906.txt).
Is it true that with 0.9.8r by default the related ciphersuites
(ECCdraft) are disabled? If they were enabled, would they show up as
ECDH in the output of "openssl ciphers"?
My interpretation is that our build of 0.9.8r doesn't have the issue,
assuming that ECC isn't compiled in. I'd appreciate any info I might
need to be 100% certain about this.
Also, in case you're wondering, moving to 1.0.0.e isn't currently an
option (we're using 0.9.8r + FIPS).
Thanks,
Charles
--
==== Charles Owens ====
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org