Thanks for the response.

> Don't do this. Switch to a supported version. There's no way you will
> plausibly keep this secure. Bleichenbacher attacks may be the least of
> your worries.

I am actually using version 1.0.1h.

> And of course, as you've already pointed out, that still left timing attacks.

So, when was this timing attack fixed?

On Wed, Dec 20, 2017 at 9:46 PM, Bodo Moeller <bmoeller@xxxxxxx> wrote:
> Hanno Böck <hanno@xxxxxxxxx>:
>
>> > I was wondering when exactly (the version) was the OpenSSL library
>> > patched for the Bleichenbacher Vulnerability?
>>
>> It was probably fixed some time in the late 90s. However according to
>> https://www.openssl.org/news/changelog.html
>> the countermeasures were accidentally removed in some 0.9.6 version.
>
> The original countermeasure had been present back in SSLeay, but it also had
> never actually worked at all until I accidentally removed it from s3_srvr.c
> in 0.9.5 (not 0.9.6) and put it back in 0.9.6g with a fix. The original
> implementation would have generated a randomized master secret but then
> still ended the handshake with an error alert, thus achieving nothing. The
> main takeaway from that is that good source code comments are invaluable,
> because reverse-engineering the intentions underlying the code can be
> particularly hard if said code doesn't actually do what it's intended to do
> :-)
>
> Of course, in the end the 0.9.6g fix didn't achieve too much (other than
> adding a source code explaining what that randomization was all about),
> because the RFC 2246 countermeasure was still subject to the
> Klíma-Pokorný-Rosa attack discovered later (and first addressed in 0.9.6j).
> And of course, as you've already pointed out, that still left timing
> attacks.
>
>> > Wanted to know this, since my custom application uses an older version
>> > of OpenSSL, and I wanted to be sure that it is not affected.
>>
>> Don't do this. Switch to a supported version. There's no way you will
>> plausibly keep this secure. Bleichenbacher attacks may be the least of
>> your worries.
>
> I completely agree. If you're using an "older version of OpenSSL", likely
> it's subject to a few vulnerabilities with and without logos, and thus is
> not what you should be running today.
>
> Bodo
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
With regards,
Md Haris Iqbal,
Contact: +91 8861996962
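
An added illustration of the point in Bodo Moeller's quoted reply (not part of the thread and not OpenSSL's code): a model of a server's ClientKeyExchange handling, showing why randomizing the secret but still sending an alert leaves the padding signal in place, while randomizing and continuing to the Finished check removes it. All names are hypothetical, the sample block is constructed, and neither timing nor the Klíma-Pokorný-Rosa attack is modelled.

```c
#include <stdio.h>
#include <string.h>

#define PMS_LEN 48 /* TLS premaster secret length */

enum variant { NO_COUNTERMEASURE, RANDOMIZE_THEN_ALERT, RANDOMIZE_AND_CONTINUE };
enum outcome { ALERT_AT_KEY_EXCHANGE, ALERT_AT_FINISHED, HANDSHAKE_OK };

/* 1 if em is 00 02 || >=8 nonzero bytes || 00 || 48-byte premaster secret.
 * Not constant-time: this model covers alert behaviour only, not timing. */
static int padding_ok(const unsigned char *em, size_t n) {
    size_t i;
    if (n < 11 + PMS_LEN || em[0] != 0x00 || em[1] != 0x02) return 0;
    for (i = 2; i < n && em[i] != 0x00; i++) ;
    return i >= 10 && i + 1 + PMS_LEN == n;
}

/* One handshake: em is the RSA-decrypted ClientKeyExchange block, peer_pms the
 * secret the peer used to compute its Finished message. */
enum outcome handshake(enum variant v, const unsigned char *em, size_t n,
                       const unsigned char *peer_pms) {
    unsigned char pms[PMS_LEN];
    if (padding_ok(em, n)) {
        memcpy(pms, em + n - PMS_LEN, PMS_LEN);
    } else {
        if (v == NO_COUNTERMEASURE) return ALERT_AT_KEY_EXCHANGE;
        memset(pms, 0xA5, PMS_LEN); /* stand-in for fresh CSPRNG output */
        if (v == RANDOMIZE_THEN_ALERT) return ALERT_AT_KEY_EXCHANGE; /* the bug */
    }
    return memcmp(pms, peer_pms, PMS_LEN) == 0 ? HANDSHAKE_OK : ALERT_AT_FINISHED;
}

/* 1 if a peer that does not know the plaintext sees different outcomes for
 * well-formed and malformed padding, i.e. the server acts as a padding oracle. */
int leaks_padding(enum variant v) {
    unsigned char good[64], bad[64], guess[PMS_LEN];
    memset(good, 0x11, sizeof good);   /* constructed sample block */
    good[0] = 0x00; good[1] = 0x02; good[15] = 0x00;
    memcpy(bad, good, sizeof bad);
    bad[1] = 0x01;                     /* wrong block type */
    memset(guess, 0x22, sizeof guess); /* peer's wrong guess at the secret */
    return handshake(v, good, sizeof good, guess) != handshake(v, bad, sizeof bad, guess);
}

int main(void) {
    int v;
    for (v = NO_COUNTERMEASURE; v <= RANDOMIZE_AND_CONTINUE; v++)
        printf("variant %d leaks padding validity: %d\n", v, leaks_padding((enum variant)v));
    return 0;
}
```

Only the third variant gives the same observable result for both blocks; the second behaves exactly like having no countermeasure at all.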