Thanks for the response.
> Don't do this. Switch to a supported version. There's no way you will
> plausibly keep this secure. Bleichenbacher attacks may be the least of
> your worries.
I am actually using version 1.0.1h.
> And of course, as you've already pointed out, that still left timing a
Hanno Böck :
> I was wondering when exactly (the version) was the OpenSSL library
> > patched for the Bleichenbacher Vulnerability?
>
> It was probably fixed some time in the late 90s. However according to
> https://www.openssl.org/news/changelog.html
>
> the countermeasures were accidentally re
Hi,
On Wed, 20 Dec 2017 11:51:39 +0530
haris iqbal wrote:
> I was wondering when exactly (the version) was the OpenSSL library
> patched for the Bleichenbacher Vulnerability?
It was probably fixed some time in the late 90s. However according to
https://www.openssl.org/news/changelog.html
the c
On 20 December 2017 at 14:21, haris iqbal wrote:
> Wanted to know this, since my custom application uses an older version
> of OpenSSL, and I wanted to be sure that it is not affected.
Not answering your original question. But you can test it using one
of the following tools:
The follo
Hi,
I was wondering when exactly (the version) was the OpenSSL library
patched for the Bleichenbacher Vulnerability?
Since the Bleichenbacher Vulnerability had a number of variations,
most recently ROBOT being one of them, I wanted to know whether
OpenSSL is immune to this attack because of a pat