Re: Bleichenbacher Vulnerability

Hanno Böck <hanno@xxxxxxxxx>:

>> I was wondering when exactly (the version) was the OpenSSL library
>> patched for the Bleichenbacher Vulnerability?
>
> It was probably fixed some time in the late 90s. However according to
> https://www.openssl.org/news/changelog.html
>
> the countermeasures were accidentally removed in some 0.9.6 version.

The original countermeasure had been present back in SSLeay, but it also had never actually worked at all until I accidentally removed it from s3_srvr.c in 0.9.5 (not 0.9.6) and put it back in 0.9.6g with a fix. The original implementation would have generated a randomized master secret but then still ended the handshake with an error alert, thus achieving nothing. The main takeaway from that is that good source code comments are invaluable, because reverse-engineering the intentions underlying the code can be particularly hard if said code doesn't actually do what it's intended to do :-)

Of course, in the end the 0.9.6g fix didn't achieve too much (other than adding a source code comment explaining what that randomization was all about), because the RFC 2246 countermeasure was still subject to the Klíma-Pokorný-Rosa attack discovered later (and first addressed in 0.9.6j). And of course, as you've already pointed out, that still left timing attacks.

>> Wanted to know this, since my custom application uses an older version
>> of OpenSSL, and I wanted to be sure that it is not affected.
>
> Don't do this. Switch to a supported version. There's no way you will
> plausibly keep this secure. Bleichenbacher attacks may be the least of
> your worries.

I completely agree. If you're using an "older version of OpenSSL", likely it's subject to a few vulnerabilities with and without logos, and thus is not what you should be running today.

Bodo

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
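The three behaviours Bodo contrasts above (a countermeasure that draws a random premaster secret but still sends an alert, the RFC 2246 version that continues on bad padding but can still abort on a version mismatch, and the later RFC 5246 shape that never aborts) can be modelled without any RSA at all, by looking only at what the server does with the decrypted block. The following is an added illustration, not code from this thread or from OpenSSL/SSLeay; the `ssleay_style` function is an assumed reconstruction of the defect as described in the mail, the sample blocks are constructed, and the function names are the example's own.

```python
import secrets
from typing import Callable, List, Optional, Tuple

PREMASTER_LEN = 48  # TLS premaster secret: 2 version bytes + 46 random bytes


def pkcs1_v15_unpad(block: bytes) -> Optional[bytes]:
    """Parse an RSA-decrypted block as PKCS#1 v1.5 type 2 padding.

    Layout: 0x00 0x02 <at least 8 non-zero bytes> 0x00 <payload>.
    Returns the payload, or None when the padding is malformed.
    """
    if len(block) < 11 or block[0] != 0x00 or block[1] != 0x02:
        return None
    sep = block.find(0x00, 2)  # first zero byte after the 0x02 marker
    if sep < 10:               # -1 (no separator) or fewer than 8 pad bytes
        return None
    return block[sep + 1:]


Handler = Callable[[bytes, bytes], Tuple[str, bytes]]


def ssleay_style(block: bytes, client_version: bytes) -> Tuple[str, bytes]:
    """Assumed shape of the defect the mail describes: a random premaster
    secret is drawn on padding failure, but the handshake is still aborted
    with an alert, so the random value is never used and the padding result
    stays visible to the peer."""
    payload = pkcs1_v15_unpad(block)
    if payload is None or len(payload) != PREMASTER_LEN:
        return ("alert", secrets.token_bytes(PREMASTER_LEN))
    return ("continue", payload)


def rfc2246_style(block: bytes, client_version: bytes) -> Tuple[str, bytes]:
    """RFC 2246 section 7.4.7.1 as originally written: continue with a random
    secret on padding failure, but the version check that follows can still
    abort, which is the distinguisher Klíma-Pokorný-Rosa relied on."""
    payload = pkcs1_v15_unpad(block)
    if payload is None or len(payload) != PREMASTER_LEN:
        return ("continue", secrets.token_bytes(PREMASTER_LEN))
    if payload[:2] != client_version:
        return ("alert", secrets.token_bytes(PREMASTER_LEN))
    return ("continue", payload)


def rfc5246_style(block: bytes, client_version: bytes) -> Tuple[str, bytes]:
    """RFC 5246 section 7.4.7.1: draw the random secret first, substitute it
    on *any* failure (version mismatch included) and always continue; a bad
    ClientKeyExchange then fails at Finished, identically for every cause."""
    rnd = secrets.token_bytes(PREMASTER_LEN)
    payload = pkcs1_v15_unpad(block)
    ok = (payload is not None
          and len(payload) == PREMASTER_LEN
          and payload[:2] == client_version)
    return ("continue", payload if ok else rnd)


# Constructed sample blocks: what RSA decryption of a ClientKeyExchange
# would yield in three cases. These are not real captures.
CLIENT_VERSION = b"\x03\x01"                                   # TLS 1.0
VALID = b"\x00\x02" + b"\x5a" * 8 + b"\x00" + CLIENT_VERSION + b"\x11" * 46
BAD_PADDING = b"\x00\x01" + VALID[2:]                          # wrong block type
BAD_VERSION = VALID[:11] + b"\x03\x00" + VALID[13:]            # version mismatch


def visible_outcomes(handler: Handler) -> List[str]:
    """What the peer can observe from the server for each sample block."""
    return [handler(b, CLIENT_VERSION)[0] for b in (VALID, BAD_PADDING, BAD_VERSION)]


def is_oracle_free(handler: Handler) -> bool:
    """True when every input leads to the same observable server behaviour."""
    return len(set(visible_outcomes(handler))) == 1


if __name__ == "__main__":
    for h in (ssleay_style, rfc2246_style, rfc5246_style):
        print(f"{h.__name__:14s} {visible_outcomes(h)}  oracle-free={is_oracle_free(h)}")
```

This models control flow only: `is_oracle_free` checks that the server's visible decision does not depend on the padding, which is exactly the property the defective code lacked. It says nothing about the timing side channel the thread also mentions; a real implementation additionally needs the unpadding and substitution to run in constant time, which the early-return style of `pkcs1_v15_unpad` deliberately does not attempt.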
