Skip to content
Commit ae50d827 authored by Emilia Kasper's avatar Emilia Kasper
Browse files

Harden SSLv2-supporting servers against Bleichenbacher's attack.



There is no indication that the timing differences are exploitable in
OpenSSL, and indeed there is some indication (Usenix '14) that they
are too small to be exploitable. Nevertheless, be careful and apply
the same countermeasures as in s3_srvr.c

Thanks to Nimrod Aviram, Sebastian Schinzel and Yuval Shavitt for
reporting this issue.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent ff864ffe
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment