September 6th Security Advisory

[james]

I noticed that the advisory mentions OpenSSL 0.9.8s, however, I haven't seen an announcement or tarball posted for this version, yet. Can we expect this version to be released or was the mention of OpenSSL 0.9.8s a mere typo?

"This issue applies to OpenSSL 0.9.8 through 0.9.8s (experimental "ECCdraft" ciphersuites) and to OpenSSL 1.0.0 through 1.0.0d."

Unfortunately, we cannot upgrade to the 1.0.0 series until the new FIPS module is released, since 1.0.0 doesn't compile with the current FIPS module.

Thanks!

James

______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org