In association with heise online

9 December 2010, 03:45

New version of OpenSSL fixes two vulnerabilities

Version 1.0.0c of the free OpenSSL SSL implementation fixes two vulnerabilities. A flaw in an older workaround for Netscape browsers and servers can be remotely exploited to make an OpenSSL server downgrade the ciphersuite to a weaker one for subsequent connections. This can potentially simplify the cracking of encrypted connections. The update simply disables the workaround.

Another flaw in the implementation of the "Password Authenticated Key Exchange by Juggling" protocol (J-PAKE) allows intruders to authenticate themselves without a secret key. While this flaw has been fixed in the current version, the developers point out that their implementation is still experimental and not compiled by default.

(ehe)
