No subject

Sun Feb 20 16:52:19 PST 2005

Security fix: Vaudenay timing attack on CBC

  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
     via timing by performing a MAC computation even if incorrect
     block cipher padding has been found.  This is a countermeasure
     against active attacks where the attacker has to distinguish
     between bad padding and a MAC verification error. (CAN-2003-0078)

     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
     Martin Vuagnoux (EPFL, Ilion)]

---------- Forwarded message ----------
Date: Wed, 19 Feb 2003 14:43:57 +0100 (CET)
From: Richard Levitte - VMS Whacker <levitte at>
Reply-To: openssl-users at
To: openssl-announce at, openssl-users at,
     openssl-dev at, coderpunks at,
cypherpunks at, cryptography at,
     INFO-WASD at VSM.COM.AU, VMS-SSH at ALPHA.SGGW.WAW.PL, vms-web-daemon at KJSL.COM
Subject: [ANNOUNCE] OpenSSL 0.9.7a and 0.9.6i released


  OpenSSL version 0.9.7a and 0.9.6i released
  ===========================================

  OpenSSL - The Open Source toolkit for SSL/TLS

  The OpenSSL project team is pleased to announce the release of
  version 0.9.7a of our open source toolkit for SSL/TLS.  This new
  OpenSSL version is a security and bugfix release and incorporates
  at least 11 changes and bugfixes to the toolkit (for a complete
  list see

  We also release 0.9.6i, which contains the same security bugfix as
  0.9.7a and a few more small bugfixes compared to 0.9.6h.

  The most significant changes are:

    o Security: Important security related bugfixes. [0.9.7a and 0.9.6i]
    o Enhanced compatibility with MIT Kerberos. [0.9.7a]
    o Can be built without the ENGINE framework. [0.9.7a]
    o IA32 assembler enhancements. [0.9.7a]
    o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64. [0.9.7a]
    o Configuration: the no-err option now works properly. [0.9.7a]
    o SSL/TLS: now handles manual certificate chain building. [0.9.7a]
    o SSL/TLS: certain session ID malfunctions corrected.

  We consider OpenSSL 0.9.7a to be the best version of OpenSSL available
  and we strongly recommend that users of older versions upgrade as soon
  as possible.  OpenSSL 0.9.7a is available for download via HTTP and FTP
  from the following master locations (you can find the various FTP
  mirrors under

  For those who want or have to stay with the 0.9.6 series of OpenSSL,
  we strongly recommend that you upgrade to OpenSSL 0.9.6i as soon as
  possible.  It's available in the same location as 0.9.7a.

  The distribution file name is:

    o openssl-0.9.7a.tar.gz [normal]
      MD5 checksum: a0d3203ecf10989fdc61c784ae82e531
    o openssl-0.9.6i.tar.gz [normal]
      MD5 checksum: 9c4db437c17e0b6412c5e4645b6fcf5c
    o openssl-engine-0.9.6i.tar.gz [engine]
      MD5 checksum: c9adc0596c630b31b999eba32fc0a6b3

  The checksums were calculated using the following command:

    openssl md5 < openssl-0.9.7a.tar.gz
    openssl md5 < openssl-0.9.6i.tar.gz
    openssl md5 < openssl-engine-0.9.6i.tar.gz

  The OpenSSL Project Team...

    Mark J. Cox             Ben Laurie          Andy Polyakov
    Ralf S. Engelschall     Richard Levitte     Geoff Thorpe
    Dr. Stephen Henson      Bodo Möller
    Lutz Jänicke            Ulf Möller


OpenSSL Project                       
Announcement Mailing List                 openssl-announce at
Automated List Manager                           majordomo at
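The CHANGES entry at the top of this message describes the fix in one sentence: compute a MAC even when the CBC padding is wrong, so that an active attacker cannot tell a padding failure from a MAC failure. The following is an added example, not OpenSSL code and not part of the announcement. It models a simplified TLS 1.0 record (payload || MAC || padding, with the MAC over sequence number || payload) and shows the receiver's check in two variants: the early-return form, where bad padding is reported as a distinct error with no MAC work done, and the countermeasure form, where a MAC is always computed and both failures collapse into one error. The CBC decryption itself is not modelled (the functions receive the already-decrypted record), the key and sample records are constructed placeholders, and every function name is an assumption of this example.

```python
"""Added example (not OpenSSL code): the CBC padding / MAC check before and
after the countermeasure in the CHANGES entry (CAN-2003-0078).  The record
layout is a simplified TLS 1.0 one (payload || MAC || padding, MAC over
seq || payload); CBC decryption is not modelled, the functions receive the
already-decrypted record.  All names here are assumptions."""
import hashlib
import hmac

BLOCK = 8      # block size of the (unmodelled) CBC cipher
MAC_LEN = 20   # HMAC-SHA1 output length, as in the SSL3/TLS1 CBC suites


def compute_mac(key: bytes, seq: int, payload: bytes) -> bytes:
    """MAC over sequence number || payload (TLS 1.0 MAC input, simplified)."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha1).digest()


def build_record(key: bytes, seq: int, payload: bytes) -> bytes:
    """Decrypted-record layout: payload || MAC || padding, where the padding
    bytes and the final length byte all hold the padding length."""
    body = payload + compute_mac(key, seq, payload)
    padlen = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + bytes([padlen]) * (padlen + 1)


def padding_ok(plain: bytes) -> bool:
    """TLS 1.0 padding check: last byte is padlen and the trailing padlen+1
    bytes all equal it; there must still be room for the MAC."""
    if not plain:
        return False
    padlen = plain[-1]
    if padlen + 1 + MAC_LEN > len(plain):
        return False
    return all(b == padlen for b in plain[-(padlen + 1):])


def verify_early_return(key: bytes, seq: int, plain: bytes):
    """'Before' behaviour: bad padding is reported as its own error and no
    MAC is computed on that path.  Returns (verdict, MAC computations)."""
    if not padding_ok(plain):
        return ("bad_padding", 0)          # fast path: observable by timing
    body = plain[:-(plain[-1] + 1)]
    payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    good = hmac.compare_digest(tag, compute_mac(key, seq, payload))
    return ("ok" if good else "bad_record_mac", 1)


def verify_constant_work(key: bytes, seq: int, plain: bytes):
    """Countermeasure in the spirit of the entry: a MAC is computed whether or
    not the padding is valid (bad padding is treated as padding length 0),
    and both failures collapse into the same error."""
    pad_good = padding_ok(plain)
    padlen = plain[-1] if pad_good else 0
    body = plain[:-(padlen + 1)] if plain else b""
    payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_good = hmac.compare_digest(tag, compute_mac(key, seq, payload))
    return ("ok" if (pad_good and mac_good) else "bad_record_mac", 1)


def oracle_view(verify) -> dict:
    """What an active attacker learns from three records: a genuine one, one
    with the padding length byte corrupted, one with a payload byte flipped.
    Constructed sample data; the key is a placeholder."""
    key, seq = b"k" * 20, 1
    good = build_record(key, seq, b"GET / HTTP/1.0\r\n")
    bad_pad = good[:-1] + bytes([good[-1] ^ 0x80])   # padding check fails
    bad_mac = bytes([good[0] ^ 0x01]) + good[1:]      # padding intact, MAC fails
    return {
        "good": verify(key, seq, good),
        "bad_padding": verify(key, seq, bad_pad),
        "bad_mac": verify(key, seq, bad_mac),
    }


if __name__ == "__main__":
    for name, verify in (("early return", verify_early_return),
                         ("constant work", verify_constant_work)):
        print(name, oracle_view(verify))
```

With the early-return check the corrupted-padding record is rejected with zero MAC computations and a different error than the corrupted-payload record, which is exactly the distinguisher the entry refers to; with the constant-work check both tampered records cost one MAC computation and yield the same error. Note what the example does and does not equalize: it makes the number of MAC calls identical on both paths, but in the bad-padding path the MAC runs over a different length of data, so the amount of hashing work can still differ. Equal call counts are the first step the entry describes, not a proof that no timing signal remains.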
