On Thu, Apr 17, 2003 at 09:49:57PM -0400, Gilles Pelletier said: > > And what's a bug fix supposed to mean when OpenSSL workings are hidden > from the user: either it works or it doesn't. If it doesn't it's a > security hole. It is entirely possible (and, unfortunately, even likely) that everything appears to work from the user's standpoint, but that there are in fact holes in the security. The majority of web users are probably using web browsers that still use SSLv2, which is an inherently flawed protocol. It's also unlikely that all the problems in OpenSSL have been discovered by the white hats yet. -- Shawn McMahon | Let every nation know, whether it wishes us well or ill, EIV Consulting | that we shall pay any price, bear any burden, meet any UNIX and Linux | hardship, support any friend, oppose any foe, to assure http://www.eiv.com| the survival and the success of liberty. - JFK
Attachment:
pgpE2yY6uboKf.pgp
Description: PGP signature