tech-security: Re: [Bodo Moeller <bodo@openssl.org>] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption

Subject: Re: [Bodo Moeller ] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption
To: Perry E. Metzger <perry@piermont.com>
From: Thomas Klausner <wiz@netbsd.org>
List: tech-security
Date: 02/20/2003 18:53:42

On Thu, Feb 20, 2003 at 10:32:33AM -0500, Perry E. Metzger wrote:
> As described within, we should be upgrading our OpenSSL setup.

The particular problem is fixed in -current and on the 1.6-branch.

I don't disagree with your statement though.

I fear it's a bit messy though....

 Thomas