subject:"\[Bug 56596\] OpenSSL 1.0.1g is vulnerable to a man\-in\-the\-middle attack"

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2024-07-19 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #19 from pooop --- https://dai.ly/k6Z7J0dS0q4eLSB6Tqw -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsu

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2024-07-19 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #18 from pooop --- https://www.dailymotion.com/video/x92hf1k -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: d

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-07-07 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-07-01 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #16 from Klemen Novak --- Hi, I tested Mark Thomas version and it works on my servers. Windows 2008 R2 x64, Tomcat 7.0.54 x64. I also tested the server with SSLLabs and its ok. I works fine. -- You are receiving this mail b

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-07-01 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #15 from Martin Schelldorfer --- (In reply to Mark Thomas from comment #14) > I have built x86 and x64 versions using what should be pretty much the same > toolchain as is used for the releases. The results can be obtained from:

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-07-01 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #14 from Mark Thomas --- I have built x86 and x64 versions using what should be pretty much the same toolchain as is used for the releases. The results can be obtained from: http://people.apache.org/~markt/dev/tomcat-native-1.1.

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-07-01 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #13 from Mark Thomas --- (In reply to Mark Thomas from comment #12) > There appear to be a couple of problems with those DLLs. > > The depends tool reports that: > - the 32-bit DLL depends on 64-bit libraries That looks like i

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-07-01 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #12 from Mark Thomas --- There appear to be a couple of problems with those DLLs. The depends tool reports that: - the 32-bit DLL depends on 64-bit libraries - the 64-bit DLL depends the MS Visual C runtime msvcr100.dll There

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-07-01 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #11 from Martin Schelldorfer --- DLLs for Win32/x64 APR 1.5.1 and OpenSSL 1.0.1h 5 Jun 2014 -- You are receiving this mail because: You are the assignee for the bug. --

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-07-01 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 Martin Schelldorfer changed: What|Removed |Added Attachment #31776|tomcat-native-1.1.31beta|DLL for Win32 descrip

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-07-01 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #10 from Martin Schelldorfer --- Created attachment 31777 --> https://issues.apache.org/bugzilla/attachment.cgi?id=31777&action=edit DLL for x64 DLL for x64 APR 1.5.1 and OpenSSL 1.0.1h 5 Jun 2014 -- You are receiving this

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-07-01 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #9 from Martin Schelldorfer --- Created attachment 31776 --> https://issues.apache.org/bugzilla/attachment.cgi?id=31776&action=edit tomcat-native-1.1.31beta DLL for Win32 APR 1.5.1 and OpenSSL 1.0.1h 5 Jun 2014 -- You are r

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-07-01 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #8 from Klemen Novak --- Martin Schelldorfer is will test them. Please provide me with link. Thank you. I will test them with tomcat 6 and 7 on windows 2008 R2 and then try with SSLLabs. -- You are receiving this mail because

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-07-01 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #7 from Martin Schelldorfer --- I was able to build the DLL for Win32 and x64 using Visual Studio 2010. It contains APR 1.5.1 and OpenSSL 1.0.1h 5 Jun 2014. I tested the Win32 DLL on Tomcat 7.0.53 / Windows Server 2003 and it's

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-06-27 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #6 from Christopher Schultz --- Jeffrey, if you take a look at my post here (http://markmail.org/message/gex3hshaprlxcuzs), you'll find a DOS batch file that, with a few prerequisites, will download and build the 32-bit x86 open

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-06-25 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #5 from jeffrey.jan...@polydyne.com --- I went ahead and downloaded MS Visual Studio Express today in hopes of trying to do my own build based on Mladen's instructions in Bug 56363. Unfortunately, I'm juggling a half-dozen other

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-06-25 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #4 from Konstantin Kolinko --- (In reply to Klemen Novak from comment #3) > Is there anyone working on this problem? One person, and it looks that it is not going very well. The progress is discussed in issue 56363 and on dev

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-06-25 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #3 from Klemen Novak --- Is there anyone working on this problem? Please fix the issue as soon as possible. Thank you. -- You are receiving this mail because: You are the assignee for the bug. ---

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-06-25 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #2 from jeffrey.jan...@polydyne.com --- This is CVE-2014-0224. It's caused my rating on Qualys SSL test to drop from an A+ to an F. Is there any way to mitigate the vulnerability? Mladen? Any chance you could roll us out a new v

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-06-25 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 Martin Schelldorfer changed: What|Removed |Added CC||schelldor...@gmail.com -- Y

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-06-24 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 Bill changed: What|Removed |Added CC||bb...@opentext.com -- You are receiving th

[Bug 56596] OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

2014-06-24 Thread bugzilla

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596 --- Comment #1 from Konstantin Kolinko --- See Comment 20 (and Comment 7) in issue 56363. https://issues.apache.org/bugzilla/show_bug.cgi?id=56363#c20 -- You are receiving this mail because: You are the assignee for the bug.