[openssl-users] Bleichenbacher Vulnerability
haris.phnx at gmail.com
Thu Dec 21 05:53:48 UTC 2017
Thanks for the response.
> Don't do this. Switch to a supported version. There's no way you will
> plausibly keep this secure. Bleichenbacher attacks may be the least of
> your worries.
I am actually using version 1.0.1h.
> And of course, as you've already pointed out, that still left timing attacks.
So, when was this timing attack fixed?
On Wed, Dec 20, 2017 at 9:46 PM, Bodo Moeller <bmoeller at acm.org> wrote:
> Hanno Böck <hanno at hboeck.de>:
>> > I was wondering when exactly (the version) was the OpenSSL library
>> > patched for the Bleichenbacher Vulnerability?
>> It was probably fixed some time in the late 90s. However according to
>> the countermeasures were accidentally removed in some 0.9.6 version.
> The original countermeasure had been present back in SSLeay, but it also had
> never actually worked at all until I accidentally removed it from s3_srvr.c
> in 0.9.5 (not 0.9.6) and put it back in 0.9.6g with a fix. The original
> implementation would have generated a randomized master secret but then
> still ended the handshake with an error alert, thus achieving nothing. The
> main takeaway from that is that good source code comments are invaluable,
> because reverse-engineering the intentions underlying the code can be
> particularly hard if said code doesn't actually do what it's intended to do.
> Of course, in the end the 0.9.6g fix didn't achieve too much (other than
> adding a source code comment explaining what that randomization was all about),
> because the RFC 2246 countermeasure was still subject to the
> Klíma-Pokorný-Rosa attack discovered later (and first addressed in 0.9.6j).
> And of course, as you've already pointed out, that still left timing attacks.
>> > Wanted to know this, since my custom application uses an older version
>> > of OpenSSL, and I wanted to be sure that it is not affected.
>> Don't do this. Switch to a supported version. There's no way you will
>> plausibly keep this secure. Bleichenbacher attacks may be the least of
>> your worries.
> I completely agree. If you're using an "older version of OpenSSL", likely
> it's subject to a few vulnerabilities with and without logos, and thus is
> not what you should be running today.
Md Haris Iqbal,
Contact: +91 8861996962
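The three server behaviours described in the thread (the 0.9.5-era countermeasure that randomized the premaster secret but still sent an alert, the 0.9.6g RFC 2246 countermeasure that continued the handshake on bad padding but still aborted on a client_version mismatch, which is the check the Klíma-Pokorný-Rosa attack turned into an oracle, and the 0.9.6j behaviour that treats both failures identically) modelled side by side. This is an added illustration written for this page, not OpenSSL's own code: the RSA decryption itself is omitted (the functions take the already-decrypted block), timing is not modelled, and the version names on the dictionary keys, the function names and the constants are stand-ins chosen here to follow the thread's narrative.

```python
import os

TLS_VERSION = b"\x03\x01"   # client_version the server expects (TLS 1.0 here)
PMS_LEN = 48                # premaster secret length in bytes
K = 128                     # RSA modulus length in bytes (1024-bit key), assumed


def pkcs1_v15_unpad(em: bytes, k: int = K):
    """Strip PKCS#1 v1.5 type-2 padding from an RSA-decrypted block.
    Returns the payload, or None if the block is malformed."""
    if len(em) != k or em[0] != 0x00 or em[1] != 0x02:
        return None
    sep = em.find(b"\x00", 2)
    if sep == -1 or sep - 2 < 8:          # need at least 8 non-zero padding bytes
        return None
    return em[sep + 1:]


def pkcs1_v15_pad(payload: bytes, k: int = K) -> bytes:
    """Build a type-2 block; the padding string must contain no zero byte."""
    ps_len = k - 3 - len(payload)
    ps = bytes(b or 1 for b in os.urandom(ps_len))   # replace any 0x00 with 0x01
    return b"\x00\x02" + ps + b"\x00" + payload


# Each server model returns (what the attacker can observe, premaster secret used).

def server_0_9_5(em: bytes):
    """Pre-0.9.6g: picks a random PMS on bad padding but then aborts the
    handshake with an alert anyway, so the padding result stays observable."""
    pms = pkcs1_v15_unpad(em)
    if pms is None or len(pms) != PMS_LEN:
        return "alert", os.urandom(PMS_LEN)
    if pms[:2] != TLS_VERSION:
        return "alert", os.urandom(PMS_LEN)
    return "continue", pms


def server_0_9_6g(em: bytes):
    """RFC 2246 countermeasure: bad padding -> random PMS, handshake continues
    (and fails later at the Finished MAC). The version check still aborts,
    which is the distinguishing behaviour the Klima-Pokorny-Rosa attack used."""
    pms = pkcs1_v15_unpad(em)
    if pms is None or len(pms) != PMS_LEN:
        return "continue", os.urandom(PMS_LEN)
    if pms[:2] != TLS_VERSION:
        return "alert", os.urandom(PMS_LEN)
    return "continue", pms


def server_0_9_6j(em: bytes):
    """Bad padding and bad version are treated identically: random PMS and
    continue, so neither check is visible through the handshake outcome."""
    pms = pkcs1_v15_unpad(em)
    if pms is None or len(pms) != PMS_LEN or pms[:2] != TLS_VERSION:
        return "continue", os.urandom(PMS_LEN)
    return "continue", pms


def oracle_exposed(server, good: bytes, bad: bytes) -> bool:
    """True if the attacker can tell `good` from `bad` by the server's reaction."""
    return server(good)[0] != server(bad)[0]


def demo():
    """Constructed inputs: a valid block, a block with a wrong block type,
    and a correctly padded block carrying the wrong client_version.
    Returns {name: (padding oracle?, version oracle?)} for each server model."""
    good = pkcs1_v15_pad(TLS_VERSION + os.urandom(PMS_LEN - 2))
    bad_padding = b"\x00\x01" + good[2:]                          # block type 1, not 2
    bad_version = pkcs1_v15_pad(b"\x03\x00" + os.urandom(PMS_LEN - 2))  # SSL 3.0 instead of TLS 1.0
    servers = [("0.9.5", server_0_9_5), ("0.9.6g", server_0_9_6g), ("0.9.6j", server_0_9_6j)]
    return {
        name: (oracle_exposed(srv, good, bad_padding), oracle_exposed(srv, good, bad_version))
        for name, srv in servers
    }


if __name__ == "__main__":
    for name, (pad_oracle, ver_oracle) in demo().items():
        print(f"{name:7s} padding oracle: {pad_oracle!s:5s}  version oracle: {ver_oracle!s:5s}")
```

Only the observable handshake outcome is compared here; as the thread notes, even the 0.9.6j behaviour leaves timing differences between the paths, which is a separate problem that this model does not capture.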