Folks, can you pls confirm that none of the below ciphers are affected by
this bug? From my understanding, only ciphers containing DH or DHE would be
affected.
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62)
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
Thanks for confirming, much appreciated!
-chris
On Wed, Apr 9, 2014 at 12:12 AM, Daniel Kahn Gillmor
d...@fifthhorseman.net wrote:
On 04/08/2014 11:08 PM, Chris Hill wrote:
SSH and SSL/TLS are simply different protocols (doh). They may share some
similar underlying crypto implementations
(Meant to post this on OpenSSL dev, but sent it to user in error, although
I am getting some good answers there as well).
Team, I am having a discussion with a few friends about why this OpenSSL
vuln (CVE 2014-0160) does not affect SSH. This may be TOO basic for many of
you
OpenSSL dev team,
It seems like in releases after OpenSSL 0.9.8l (the ones that contained the
fix for cve 2009-3555), client initiated secure/safe renegotiation
was never re-enabled by default, judging by how Apache behaves. In short,
prior to 0.9.8l, you could do something as simple as