[openssl-users] request for TLBleed information / non-constant-time vulnerabilities

Michael R. Hines mrhines at digitalocean.com
Thu Jul 26 20:48:34 UTC 2018

Good afternoon,

Our team is trying to get an accurate understanding of whether or not 
cryptographic libraries are vulnerable to the kind of non-constant-time 
attack used by exploits such as the one recently documented here: 

Unfortunately, Intel has not provided much guidance in this area but has 
indicated that software mitigation can and should be implemented by 
libraries like OpenSSL. We're also not currently aware of any open CVEs 
or embargos active for this particular side-channel attack.

Any help or guidance would be appreciated.

Can the openssl community comment on this?


  * Michael R. Hines
  * Staff Engineer, DigitalOcean.

More information about the openssl-users mailing list