Re: OpenSSL J-Pake vulnerability CVE-2010-4252

Steve Hinchman · ‎12-17-2010

CVE-2010-4252 states that there is a vulnerability in all OpenSSL products prior to 1.0.0c. when J-Pake is compiled with the product.

I understand that "OpenSSL's implementation of J-PAKE is experimental and is not compiled in by default."

Can anyone tell me for sure that J-Pake is not compiled with the HP-UX OpenSSL products for 11iv1 v2 and v3?

Jay Workman · ‎12-22-2010

Looks like it is to me- check your /opt/openssl/0.9.8/include/openssl/ssl.h file for "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG"

I wonder when we can expect an update from HP for this?

Steve Hinchman · ‎12-22-2010

Sorry, but I don't understand the connection between J-PAKE and the include file entry that you stated???

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: OpenSSL J-Pake vulnerability CVE-2010-4252

OpenSSL J-Pake vulnerability CVE-2010-4252

Re: OpenSSL J-Pake vulnerability CVE-2010-4252

Re: OpenSSL J-Pake vulnerability CVE-2010-4252