Re: [SECURITY] OpenSSL 0.9.8d and 0.9.7l released
------=_Part_31779_12013386.1159907519239
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
OpenSSL Development Team,
When do you expect that a NIST certified version of AES will be released in
OpenSSL? I notice from the NIST reference website of validated AES
implementations that version 1.1 FIPS Object Module Library was validated o=
n
7/20/2006. Is this version included in any of the new releases?
Thanks,
Chip Masters
On 9/28/06, Mark J Cox <mark@awe.com> wrote:[color=blue]
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> OpenSSL version 0.9.8d and 0.9.7l released
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=[/color]
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D[color=blue]
>
> OpenSSL - The Open Source toolkit for SSL/TLS
> [url]http://www.openssl.org/[/url]
>
> The OpenSSL project team is pleased to announce the release of
> version 0.9.8d of our open source toolkit for SSL/TLS. This new
> OpenSSL version is a security and bugfix release and incorporates
> changes and bugfixes to the toolkit. For a complete list of
> changes, please see [url]http://www.openssl.org/source/exp/CHANGES[/url].
>
> This release fixes four security vulnerabilities, CVE-2006-2937,
> CVE-2006-2940, CVE-2006-3738, CVE-2006-4343. Please see
> [url]http://www.openssl.org/news/secadv_20060928.txt[/url]
>
> We also release 0.9.7l, which contains the security update and
> bugfixes compared to 0.9.7k.
>
> We consider OpenSSL 0.9.8d to be the best version of OpenSSL
> available and we strongly recommend that users of older versions
> upgrade as soon as possible. OpenSSL 0.9.8d is available for
> download via HTTP and FTP from the following master locations (you
> can find the various FTP mirrors under
> [url]http://www.openssl.org/source/mirror.html):[/url]
>
> * [url]http://www.openssl.org/source/[/url]
> * [url]ftp://ftp.openssl.org/source/[/url]
>
> For those who want or have to stay with the 0.9.7 series of
> OpenSSL, we strongly recommend that you upgrade to OpenSSL 0.9.7l
> as soon as possible. It's available in the same location as
> 0.9.8d.
>
> The distribution file names are:
>
> o openssl-0.9.8d.tar.gz
> MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
> SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
>
> o openssl-0.9.7l.tar.gz
> MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
> SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
>
> The checksums were calculated using the following commands:
>
> openssl md5 openssl-0.9.*.tar.gz
> openssl sha1 openssl-0.9.*.tar.gz
>
> Yours,
>
> The OpenSSL Project Team...
>
> Mark J. Cox Nils Larsch Ulf M=F6ller
> Ralf S. Engelschall Ben Laurie Andy Polyakov
> Dr. Stephen Henson Richard Levitte Geoff Thorpe
> Lutz J=E4nicke Bodo M=F6ller
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
>
> iQCVAwUBRRvCTe6tTP1JpWPZAQIRbgP/aIb5s19eiSBrdGpSy36Ce1piAtBfqPPM
> Bw/j9Y6fWTQYS5z/ZNDnFLmbQw269bR5nYIMT6da5dyKmSt9v6dUJHdQXI7i/gf4
> o3JPEZwqRqqz1tyhhBNFMNAx3hV73noLOXUUuak+2Zw9VtKGTb4HoRGGmXq8VUSn
> zeeX2KgXEwg=3D
> =3DfiHy
> -----END PGP SIGNATURE-----
>
> ______________________________________________________________________
> OpenSSL Project [url]http://www.openssl.org[/url]
> Development Mailing List [email]openssl-dev@openssl.org[/email]
> Automated List Manager [email]majordomo@openssl.org[/email]
>[/color]
------=_Part_31779_12013386.1159907519239
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
OpenSSL Development Team,<br><br>When do you expect that a NIST certified v=
ersion of AES will be released in OpenSSL? I notice from the NIST reference=
website of validated AES implementations that version 1.1 FIPS Object Modu=
le Library was validated on 7/20/2006. Is this version included in any of t=
he new releases?
<br><br>Thanks,<br><br>Chip Masters<br><br><div><span class=3D"gmail_quote"=[color=blue]
>On 9/28/06, <b class=3D"gmail_sendername">Mark J Cox</b> <<a href=3D"ma=[/color]
ilto:mark@awe.com">mark@awe.com</a>> wrote:</span><blockquote class=3D"g=
mail_quote" style=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0pt=
0pt 0pt 0.8ex; padding-left: 1ex;">
-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br><br> Op=
enSSL version 0.9.8d and 0.9.7l released<br> =3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<br><br> OpenSSL - The Open So=
urce toolkit for SSL/TLS<br> <a href=3D"http://www.openssl.org/=
">
http://www.openssl.org/</a><br><br> The OpenSSL project team is=
pleased to announce the release of<br> version 0.9.8d of our o=
pen source toolkit for SSL/TLS. This new<br> OpenSSL version is=
a security and bugfix release and incorporates
<br> changes and bugfixes to the toolkit. For a comp=
lete list of<br> changes, please see <a href=3D"http://www.open=
ssl.org/source/exp/CHANGES">http://www.openssl.org/source/exp/CHANGES</a>.<=
br><br> This release fixes four security vulnerabilities, CVE-2=
006-2937,
<br> CVE-2006-2940, CVE-2006-3738, CVE-2006-4343. Pl=
ease see<br> <a href=3D"http://www.openssl.org/news/secadv_2006=
0928.txt">http://www.openssl.org/news/secadv_20060928.txt</a><br><br> =
We also release 0.9.7l, which contains the security update and
<br> bugfixes compared to 0.9.7k.<br><br> We consid=
er OpenSSL 0.9.8d to be the best version of OpenSSL<br> availab=
le and we strongly recommend that users of older versions<br> u=
pgrade as soon as possible. OpenSSL=20
0.9.8d is available for<br> download via HTTP and FTP from the =
following master locations (you<br> can find the various FTP mi=
rrors under<br> <a href=3D"http://www.openssl.org/source/mirror=
..html">[url]http://www.openssl.org/source/mirror.html[/url]
</a>):<br><br> * <a href=3D"http://www.openssl.org/=
source/">http://www.openssl.org/source/</a><br> * <=
a href=3D"ftp://ftp.openssl.org/source/">ftp://ftp.openssl.org/source/</a><=
br><br> For those who want or have to stay with the=20
0.9.7 series of<br> OpenSSL, we strongly recommend that you upg=
rade to OpenSSL 0.9.7l<br> as soon as possible. It's=
available in the same location as<br> 0.9.8d.<br><br> &nb=
sp; The distribution file names are:<br><br> o=20
openssl-0.9.8d.tar.gz<br> MD5 checksum: =
8ed1853538e1d05a1f5ada61ebf8bffa<br> SHA=
1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2<br><br> &nb=
sp; o openssl-0.9.7l.tar.gz<br> MD5=
checksum: b21d6e10817ddeccf5fbe1379987333e
<br> SHA1 checksum: f0e4136639b10cbd1227=
c4f7350ff7ad406e575d<br><br> The checksums were calculated usin=
g the following commands:<br><br> openssl md5 openss=
l-0.9.*.tar.gz<br> openssl sha1 openssl-0.9.*.tar.gz=
<br>
<br> Yours,<br><br> The OpenSSL Project Team...<br>=
<br> Mark J. Cox =
Nils Larsch &nb=
sp; Ulf M=F6ller<br> Ralf S. Engel=
schall Ben Laurie &nbs=
p; Andy Polyakov<br> Dr. Step=
hen Henson Richard Levitte &n=
bsp; Geoff Thorpe
<br> Lutz J=E4nicke &nb=
sp; Bodo M=F6ller<br><br><br><br>-----BE=
GIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.2.2 (GNU/Linux)<br><br>iQCVAw=
UBRRvCTe6tTP1JpWPZAQIRbgP/aIb5s19eiSBrdGpSy36Ce1piAtBfqPPM<br>Bw/j9Y6fWTQYS=
5z/ZNDnFLmbQw269bR5nYIMT6da5dyKmSt9v6dUJHdQXI7i/gf4
<br>o3JPEZwqRqqz1tyhhBNFMNAx3hV73noLOXUUuak+2Zw9VtKGTb4HoRGGmXq8VUSn<br>zee=
X2KgXEwg=3D<br>=3DfiHy<br>-----END PGP SIGNATURE-----<br><br>______________=
________________________________________________________<br>OpenSSL Project=
&nb=
sp; =
=20
<a href=3D"http://www.openssl.org">http://www.openssl.org</a><br>Developmen=
t Mailing List &=
nbsp; <a =
href=3D"mailto:openssl-dev@openssl.org">openssl-dev@openssl.org</a><br>Auto=
mated List Manager &nb=
sp; =
=20
<a href=3D"mailto:majordomo@openssl.org">majordomo@openssl.org</a><br></blo=
ckquote></div><br>
------=_Part_31779_12013386.1159907519239--
______________________________________________________________________
OpenSSL Project [url]http://www.openssl.org[/url]
Development Mailing List [email]openssl-dev@openssl.org[/email]
Automated List Manager [email]majordomo@openssl.org[/email]
