[openssl-users] request for TLBleed information / non-constant-time vulnerabilities

Michael R. Hines mrhines at digitalocean.com
Fri Jul 27 14:20:30 UTC 2018


On 07/27/2018 09:12 AM, Michael Wojcik wrote:
>
>> We're trying to decide if we can avoid disabling hyperthreading, as our
>> measurements show that the performance losses (even with integer
>> workloads) are significant.
>>
>> Might anyone be able to comment on this particular type of attack in
>> OpenSSL?
> Certainly I'd need to do a lot more research before I'd feel comfortable speculating about possible mitigations within OpenSSL. I'll be interested to see if anyone else does.
>
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus

Any and all guidance would be appreciated!

Again, thank you so much for the response. We're having a very difficult 
time finding a response (of any kind)
from the crypto community or from the linux distributions as well.

- Michael


More information about the openssl-users mailing list