[openssl-users] openSSL and SLOTH attack

Miriam Celi mceli at us.ibm.com
Thu Jan 7 20:15:37 UTC 2016

Michael Wojcik <Michael.Wojcik at ...> writes:

> As described on that web page, use OpenSSL 1.0.1f or later. That  prevents
the currently-practical SLOTH
> attack against RSA-MD5 client authentication.
> If you're using an OpenSSL release earlier than 1.0.1f, SLOTH is probably
not your biggest problem.
> The authors recommend discontinuing use of MD5 and SHA-1 in general. So
does nearly everyone else. Really
> the risk of continuing to support MD5 and SHA-1 can only meaningfully be
evaluated in the context of your
> own threat model; but either you already know that, or you don't know what
your threat model is, in which
> case the safe move is to drop support for MD5 and SHA-1 as soon as you can.

Are the 1.0.0 and 1.0.2 branches also affected? The article states that the
issue is present in openssl versions prior to 1.0.1f. If the issue is also
present in the 1.0.0 and 1.0.2 branches, will fixes be provided on those
branches to address the issue?

Thanks very much for your feedback.

Best regards,

More information about the openssl-users mailing list