[openssl-users] openSSL and SLOTH attack

Michael Wojcik Michael.Wojcik at microfocus.com
Thu Jan 7 15:46:53 UTC 2016

As described on that web page, use OpenSSL 1.0.1f or later. That  prevents the currently-practical SLOTH attack against RSA-MD5 client authentication.

If you're using an OpenSSL release earlier than 1.0.1f, SLOTH is probably not your biggest problem.

The authors recommend discontinuing use of MD5 and SHA-1 in general. So does nearly everyone else. Really the risk of continuing to support MD5 and SHA-1 can only meaningfully be evaluated in the context of your own threat model; but either you already know that, or you don't know what your threat model is, in which case the safe move is to drop support for MD5 and SHA-1 as soon as you can.

Michael Wojcik
Technology Specialist, Micro Focus

More information about the openssl-users mailing list