Source: OpenSSL

The OpenSSL development team, behind the well-known security software that provides encryption functions, has released two new versions to fix the security problems that were reported on the front page earlier today. The version numbers are now 0.9.8c and 0.9.7k, and the releases include the following changes:

Changes between 0.9.8b and 0.9.8c:
  • Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher (CVE-2006-4339) [Ben Laurie and Google Security Team]
  • Add AES IGE and biIGE modes. [Ben Laurie]
  • Change the Unix randomness entropy gathering to use poll() when possible instead of select(), since the latter has some undesirable limitations. [Darryl Miles via Richard Levitte and Bodo Moeller]
  • Disable "ECCdraft" ciphersuites more thoroughly. Now special treatment in ssl/ssl_ciph.s makes sure that these ciphersuites cannot be implicitly activated as part of, e.g., the "AES" alias. However, please upgrade to OpenSSL 0.9.9[-dev] for non-experimental use of the ECC ciphersuites to get TLS extension support, which is required for curve and point format negotiation to avoid potential handshake problems. [Bodo Moeller]
  • Disable rogue ciphersuites:
    • SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
    • SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
    • SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
    The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there.
    Also deactivate the remaining ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as unofficial, and the ID has long expired. [Bodo Moeller]
  • Fix RSA blinding Heisenbug (problems sometimes occurred on dual-core machines) and other potential thread-safety issues. [Bodo Moeller]
  • Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key versions), which is now available for royalty-free use (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html). Also, add Camellia TLS ciphersuites from RFC 4132.
    To minimize changes between patchlevels in the OpenSSL 0.9.8 series, Camellia remains excluded from compilation unless OpenSSL is configured with 'enable-camellia'. [NTT]
  • Disable the padding bug check when compression is in use. The padding bug check assumes the first packet is of even length, this is not necessarily true if compression is enabled and can result in false positives causing handshake failure. The actual bug test is ancient code so it is hoped that implementations will either have fixed it by now or any which still have the bug do not support compression. [Steve Henson]

Changes between 0.9.7j and 0.9.7k:
  • Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher (CVE-2006-4339) [Ben Laurie and Google Security Team]
  • Change the Unix randomness entropy gathering to use poll() when possible instead of select(), since the latter has some undesirable limitations. [Darryl Miles via Richard Levitte and Bodo Moeller]
  • Disable rogue ciphersuites:
    • SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
    • SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
    • SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
    The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there.
    Also deactivate the remaining ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as unofficial, and the ID has long expired. [Bodo Moeller]
  • Fix RSA blinding Heisenbug (problems sometimes occurred on dual-core machines) and other potential thread-safety issues. [Bodo Moeller]
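
Added example for the CVE-2006-4339 entry in both changelogs (not OpenSSL's code and not part of the original article): the public advisory for this CVE describes verifiers that do not check for excess data after the hash in the decoded PKCS #1 v1.5 block. The Python code below works on an already-decoded block (the RSA step is left out) and contrasts a parser with that gap against a full-block comparison; all function names and sample bytes are constructed for this illustration.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-1 (RFC 8017, section 9.2, note 1)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def encode_em(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo, exactly k bytes long."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def lenient_check(em: bytes, message: bytes) -> bool:
    """Flawed pattern: parse left to right and stop once the digest matches."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    # Padding length and any bytes after the digest are never examined.
    return em[i + 1 : i + 1 + len(t)] == t

def strict_check(em: bytes, message: bytes) -> bool:
    """Hardened pattern: rebuild the expected block and compare all k bytes."""
    try:
        expected = encode_em(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)

# Constructed sample data: one well-formed block, one with short padding
# and filler bytes after the digest.
MSG = b"constructed sample message"
K = 128  # block length for a 1024-bit modulus
GOOD_EM = encode_em(MSG, K)
_T = SHA1_PREFIX + hashlib.sha1(MSG).digest()
BAD_EM = b"\x00\x01" + b"\xff" * 8 + b"\x00" + _T + b"\x00" * (K - 11 - len(_T))

if __name__ == "__main__":
    for name, em in (("well-formed", GOOD_EM), ("excess data", BAD_EM)):
        print(name, "lenient:", lenient_check(em, MSG), "strict:", strict_check(em, MSG))
```

Comparing against a freshly encoded block avoids parsing the padding at all, so there is no field whose length or trailing content can go unchecked.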
The following two downloads are available:
* OpenSSL 0.9.8c
* OpenSSL 0.9.7k
Version number: 0.9.8c / 0.9.7k
Operating systems: Windows 9x, Windows NT, Windows 2000, Linux, BSD, Windows XP, macOS, OS/2, Solaris, UNIX, Windows Server 2003
Website: OpenSSL
Download: http://www.openssl.org/source/
License type: Conditions (GNU/BSD/etc.)

Comments (1)

A bit of a dumb question, but why would you use 0.9.7k when 0.9.8c is out? I assume the same applies here: the latest version is the best?

And: has anyone got a link to Win32 binaries of these tools yet?
