OpenSSL v0.9.7.j Release Notes
Release Date: 2006-09-05
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher [CVE-2006-4339] [Ben Laurie and Google Security Team]
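The signature-verification flaw behind CVE-2006-4339 was a lenient parse of the EMSA-PKCS1-v1_5 block that stopped checking once it had matched the DigestInfo, leaving trailing bytes unexamined. The example below is added here and is not OpenSSL's code: it contrasts that lenient style of check with the correct fix, which re-encodes the expected block and compares it whole (SHA-256 DigestInfo prefix from RFC 3447; the message and the malformed block are constructed for the demo).

```python
import hashlib
import hmac

# DER prefix of the SHA-256 DigestInfo (RFC 3447, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo, filling em_len bytes."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def verify_strict(em: bytes, message: bytes) -> bool:
    """Correct check: rebuild the whole expected block and compare all of it."""
    expected = emsa_pkcs1_v15_encode(message, len(em))
    return hmac.compare_digest(em, expected)


def verify_lenient(em: bytes, message: bytes) -> bool:
    """Flawed check in the style of the pre-0.9.7j bug: walk the padding, then
    compare only the DigestInfo prefix and hash; anything after them is ignored."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i < 10 or i >= len(em) or em[i] != 0x00:  # need >= 8 bytes of 0xFF
        return False
    t = em[i + 1:]
    expected = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    return t[:len(expected)] == expected  # trailing bytes of t never examined


def demo() -> dict:
    msg = b"constructed sample message"
    good = emsa_pkcs1_v15_encode(msg, 128)
    # Constructed malformed block: minimal padding, valid DigestInfo, then junk.
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()
    junk = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    junk += b"\xab" * (128 - len(junk))
    return {
        "strict_good": verify_strict(good, msg),      # True
        "strict_junk": verify_strict(junk, msg),      # False
        "lenient_good": verify_lenient(good, msg),    # True
        "lenient_junk": verify_lenient(junk, msg),    # True: the bug
    }
```

The "lenient_junk" result is the defect: a block that is not a valid encoding of the message is accepted because the checker never confirms that the DigestInfo ends where the block ends.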
Change the Unix randomness entropy gathering to use poll() when possible instead of select(), since the latter has some undesirable limitations.
Darryl Miles via Richard Levitte and Bodo Moeller
Disable rogue ciphersuites:
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there.
Also deactivate the remaining ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as unofficial, and the ID has long expired.
Bodo Moeller
Fix RSA blinding Heisenbug (problems sometimes occurred on dual-core machines) and other potential thread-safety issues.
Bodo Moeller