Re: Bleichenbacher Vulnerability

On 20 December 2017 at 14:21, haris iqbal <haris.phnx@xxxxxxxxx> wrote:
> Wanted to know this, since my custom application uses an older version
> of OpenSSL, and I wanted to be sure that it is not affected.

Not answering your original question.  But you can test it using one
of the following tools:

========
The following tools have checks that will cover ROBOT:

testssl.sh has a test closely modelled after our own one. A snapshot
is available, it's not yet part of a release. It also supports SNI and
STARTTLS, which our test does not.

TLS-Attacker already contained Bleichenbacher checks before our
research, version 2.2 was extended with additional checks to cover all
ROBOT variations.

SSLLabs has added a check in their development version.

Tripwire IP360 added detection for vulnerable F5 devices in ASPL-753
which was released in coordination with F5's public advisory. Generic
detection of Bleichenbacher oracles will be released in coordination
with this publication.

tlsfuzzer has an extensive test script for Bleichenbacher vulns,
though it will also complain about misbehaving servers that are not
necessarily vulnerable.

SSLyze added support for ROBOT detection after our disclosure.
=========
Ref: https://robotattack.org/

-- mks --
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


