4 Mar
2015
4 Mar
'15
1:12 p.m.
On Wed, Mar 4, 2015 at 5:26 AM, starlight.2015q1@binnacle.cx wrote:
Cipher-downgrade CVE-2015-0204 fixed in OpenSSL 1.0.1k.
usual sensational write-up courtesy of El-Reg
I believe this doesn't affect Tor relays or clients, because we have never supported export ciphers or generated export keys.
For operators who don't obsess over "non-critical" OpenSSL releases, is it time to catch up?
I would suggest that everybody should update their openssl releases as a matter of best practice, IMNSHO.
For more information, Matthew Green's writeup is quite informative: http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-fact...