[cryptography] OpenSSL 1.0.0 released

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Mar 30 20:51:02 EDT 2010

Arturo Quirantes <aquirantes at cripto.es> writes:

>I  wonder  if  the  new release includes a patch to the recently attack by
>Pellegrini et al:
>and, if not, when will it be available.

This is currently being held up by a more urgent patch to defend OpenSSL
against a recently-discovered weakness involving pink unicorns.  The
Pellegrini attack defence is expected to be rolled out after this patch is
released, at the same time as a patch for "the leprechaun thing" (details
currently unpublished due to acute security concerns).


More information about the cryptography mailing list