NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Enrique Chaparro <[log in to unmask]>
Reply To:
Enrique Chaparro <[log in to unmask]>
Date:
Wed, 2 Mar 2016 09:59:56 -0300
Content-Type:
text/plain
Parts/Attachments:
text/plain (21 lines)
Assuming, as it should be the case since the protocol is
deprecated as from 2011, that SSLv2 is not allowed in your
server, apply all OpenSSL patches up to and including that
of March 1st.

BTW, this is an excellent example of why state-sponsored
backdoors should _never_ be introduced in sofware or protocols,
whatever the excuse. Please note also that the flawed (NSA
infected?)[1] PKCS#1v1.5 standard is at the very core of DNSSEC,[2]
the politicaly heavy-loadel protocol that's being used to turn Internet
into a hierarchical network.

Regards from the Far South,

Enrique

[1] Considering Dual_EC_DRBG and the whole Juniper affair,
this is completely possible.
[2] See RFC 5702, section 3. Bleichenbacher's attack against
PKCS#1v1.5 is known since 1998

ATOM RSS1 RSS2