Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

OpenSSL J-Pake vulnerability CVE-2010-4252

OpenSSL J-Pake vulnerability CVE-2010-4252

CVE-2010-4252 states that there is a vulnerability in all OpenSSL products prior to 1.0.0c. when J-Pake is compiled with the product.

I understand that "OpenSSL's implementation of J-PAKE is experimental and is not compiled in by default."

Can anyone tell me for sure that J-Pake is not compiled with the HP-UX OpenSSL products for 11iv1 v2 and v3?
2 REPLIES
Jay Workman
Occasional Visitor

Re: OpenSSL J-Pake vulnerability CVE-2010-4252

Looks like it is to me- check your /opt/openssl/0.9.8/include/openssl/ssl.h file for "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG"

I wonder when we can expect an update from HP for this?

Re: OpenSSL J-Pake vulnerability CVE-2010-4252

Sorry, but I don't understand the connection between J-PAKE and the include file entry that you stated???