[openssl-users] openSSL and SLOTH attack
Michael Wojcik
Michael.Wojcik at microfocus.com
Thu Jan 7 15:46:53 UTC 2016
As described on that web page, use OpenSSL 1.0.1f or later. That prevents the currently-practical SLOTH attack against RSA-MD5 client authentication.
If you're using an OpenSSL release earlier than 1.0.1f, SLOTH is probably not your biggest problem.
The authors recommend discontinuing use of MD5 and SHA-1 in general. So does nearly everyone else. Really the risk of continuing to support MD5 and SHA-1 can only meaningfully be evaluated in the context of your own threat model; but either you already know that, or you don't know what your threat model is, in which case the safe move is to drop support for MD5 and SHA-1 as soon as you can.
--
Michael Wojcik
Technology Specialist, Micro Focus
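
An added example, not part of the original message or of OpenSSL itself: a small Python audit that compares collected `openssl version` banners against the 1.0.1f floor named above. The helper names and the sample banners are constructed for illustration. The part that is easy to get wrong is the letter-suffix ordering (1.0.1e < 1.0.1f, and 0.9.8z < 0.9.8za).

```python
import re

MIN_FIXED = "1.0.1f"  # release named in the message above

# major.minor.fix, optional patch letters, optional pre-release tag
_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:beta|pre|dev)\w*)?")

# Constructed sample banners, in the format `openssl version` prints.
SAMPLE_BANNERS = [
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.1f 6 Jan 2014",
    "OpenSSL 0.9.8zh 3 Dec 2015",
    "OpenSSL 1.0.2e 3 Dec 2015",
    "LibreSSL 2.2.4",
]


def version_key(text):
    """Return a sortable key for the OpenSSL version found in `text`."""
    m = _VER.search(text)
    if m is None:
        raise ValueError("no OpenSSL version in %r" % text)
    major, minor, fix = (int(g) for g in m.group(1, 2, 3))
    letters = m.group(4)
    # Patch letters run a..z and then za, zb, ..., so order by length first.
    patch = (len(letters), letters)
    # A -beta/-pre/-dev build sorts before the release with the same number.
    released = 0 if m.group(5) else 1
    return (major, minor, fix, released, patch)


def audit(banners):
    """Map each banner to 'ok', 'upgrade' or 'unparsed'."""
    floor = version_key(MIN_FIXED)
    report = {}
    for banner in banners:
        # Other TLS libraries number their releases differently: do not compare.
        if not banner.startswith("OpenSSL "):
            report[banner] = "unparsed"
            continue
        try:
            report[banner] = "ok" if version_key(banner) >= floor else "upgrade"
        except ValueError:
            report[banner] = "unparsed"
    return report


if __name__ == "__main__":
    for banner, verdict in audit(SAMPLE_BANNERS).items():
        print("%-8s %s" % (verdict, banner))
```

Distribution packages that backport fixes keep the older upstream version string, so treat `upgrade` as a prompt to check the vendor's advisory rather than as proof of exposure.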