projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ff864ff) | patch
Harden SSLv2-supporting servers against Bleichenbacher's attack.
authorEmilia Kasper <emilia@openssl.org>
Wed, 1 Apr 2015 15:08:45 +0000 (17:08 +0200)
committerEmilia Kasper <emilia@openssl.org>
Wed, 8 Apr 2015 14:28:42 +0000 (16:28 +0200)
commitae50d8270026edf5b3c7f8aaa0c6677462b33d97
treece946c211568734fc3b23f22db56acbb0c4ca382tree | snapshot
parentff864ffef33b4b09bb31ca3b0e17e1c85b65c2c8commit | diff
Harden SSLv2-supporting servers against Bleichenbacher's attack.

There is no indication that the timing differences are exploitable in
OpenSSL, and indeed there is some indication (Usenix '14) that they
are too small to be exploitable. Nevertheless, be careful and apply
the same countermeasures as in s3_srvr.c

Thanks to Nimrod Aviram, Sebastian Schinzel and Yuval Shavitt for
reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
ssl/s2_srvr.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.