[arch-dev-public] [Fwd: Fw: OpenSSL 0.9.8e has serious bug]
Tom K
tom at archlinux.org
Fri Apr 20 09:47:25 EDT 2007
Valient Gough wrote:
>
> Hi Tom,
>
> I don't know if there is any tracking of OpenSSL bugs. While testing
> out user reports of 0.9.8e incompatibility, I narrowed it down to an
> OpenSSL problem and sent a simple test case to the OpenSSL mailing list.
>
> http://www.mail-archive.com/openssl-users@openssl.org/msg48671.html
>
> I haven't dug through OpenSSL to determine the entire extent of the
> problem. I believe it causes Blowfish to use 128-bit encryption no
> matter what key length you specify.
>
> Valient
>
Thanks for getting back to me. I would be grateful if you could test my
patched build, available here:
http://www.archlinux.org/~tom/packages/openssl-0.9.8e-3.pkg.tar.gz
PKGBUILD and patch here:
http://www.archlinux.org/~tom/packages/openssl/
T.
P.S. I've already posted this on our public dev list, but as you may not
be a subscriber, I'm sending it to you directly also.