Ok, thanks and good to know! I also ran a test as follows:
1. adb shell
2. openssl
3. OpenSSL> engine dynamic –pre
SO_PATH:/system/lib/ssl/engines/libsslengine.so –pre ID:sslengine –pre LOAD
4. OpenSSL> rand -hex 512
5. I checked debug output and default_RAND_method was null which caused it
to be
On Fri, Dec 12, 2014 at 5:23 AM, Jakob Bohm wrote:
> On 09/12/2014 21:46, Jeffrey Walton wrote:
>
> On Tue, Dec 9, 2014 at 2:07 PM, Amarendra Godbole
> wrote:
>
> So Adam Langley writes "SSLv3 decoding function was used with TLS,
> then the POODLE attack would work, even against TLS connections."
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jeffrey Walton
> Sent: Thursday, December 11, 2014 16:26
> To: OpenSSL Users List
> Subject: Re: [openssl-users] CVE-2011-1473 fixed version
>
> > I wasn't involved at the time, but reading about it now CVE-2011-1473
>
I had similar trouble a while ago.
I understood that if crypto/ssl application need to use RAND method before
the intended engine is loaded, default_RAND_method would be populated with
RAND_SSLeay().
ENGINE_set_RAND wouldn't overwrite this as rand wrappers prefer
default_RAND_method than engine's
On 11/12/2014 13:45, Richard Moore wrote:
On 11 December 2014 at 10:20, Thirumal, Karthikeyan
mailto:kthiru...@inautix.co.in>> wrote:
Dear team,
Can someone tell me why the error is happening as SSPI failed ? Am
seeing this new today and when I searched the internet – it says
w
On 09/12/2014 21:46, Jeffrey Walton wrote:
On Tue, Dec 9, 2014 at 2:07 PM, Amarendra Godbole
wrote:
So Adam Langley writes "SSLv3 decoding function was used with TLS,
then the POODLE attack would work, even against TLS connections." on
his the latest POODLE affecting TLS 1.x.
(https://www.imper