Hi,
I had asked few questions related to SSLv23_xxx_method API to understand
its internals.
I am putting those questions here again..
How is it able to handle all the protocols SSLv3, TLSv1.x
How does it decide which one to handshake with ? What is the first
protocol_version sent in ClientHell
Hi all,
Can you please give me idea on some internals of how SSLv23_xxx_method()
works ?
How is it able to handle all the protocols SSLv3, TLSv1.x
How does it decide which one to handshake with ? What is the first
protocol_version sent in ClientHello Request ?
Please explain
Thanks & Regards
Sorry, but I have to clarify one thing in my below message: The major
issue caused the latest OpenSSL upgrade was not due to the anything inside
the RSA implementation, but was in (the CBC mode of) some specified
symmetric encryption phase after SSL handshake.
Sorry if any confusion.
--
Regards
Thanks for your response, Rich.
Yes, I'm aware of timing attack against RSA cryptography (e.g. the one
majorly responded for the latest upgrade), but this patch is simply a small
optimization for RSA testing code, which is only used in the testsuit of
OpenSSL, and has no any effect on the real usa
Thanks for your response, Rich.
Yes, I'm aware of timing attack against RSA cryptography (e.g. the one
majorly responded for the latest upgrade), but this patch is simply a small
optimization for RSA testing code, which is only used in the testsuit of
OpenSSL, and has no any effect on the real usa