[openssl-users] openssl impact on CVE-2015-2808

Sandeep Umesh sanumesh at in.ibm.com
Mon Apr 6 18:20:09 UTC 2015


Hello Users,

Just want to understand the impact of openssl for RC4 Bar mitzvah attack.

Please correct me if my understanding is wrong, basically this attack is
triggered based on the design of RC4.
openssl is one of the implementers of RC4 algo.
I am not sure if there will be any design change or openssl will try to
disable RC4 support...
But, Is disabling RC4 algo usage in the applications which are using
openssl a better approach? Thanks

Regards
Sandeep
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150406/4067cc4a/attachment.html>


More information about the openssl-users mailing list