Software update: OpenSSL 0.9.7b

OpenSSL (SSL = Secure Sockets Layer), the well-known security software used by web servers among others, has received a number of important bug fixes, bundled into a new release with version number 0.9.7b. The changelog lists the following points:

Changes between 0.9.7a and 0.9.7b

  • Countermeasure against the Klima-Pokorny-Rosa extension of Bleichenbacher’s attack on PKCS #1 v1.5 padding: treat a protocol version number mismatch like a decryption error in ssl3_get_client_key_exchange (ssl/s3_srvr.c). [Bodo Moeller]
  • Turn on RSA blinding by default in the default implementation to avoid a timing attack. Applications that don’t want it can call RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. They would be ill-advised to do so in most cases. [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
  • Change RSA blinding code so that it works when the PRNG is not seeded (in this case, the secret RSA exponent is abused as an unpredictable seed — if it is not unpredictable, there is no point in blinding anyway). Make RSA blinding thread-safe by remembering the creator’s thread ID in rsa->blinding and having all other threads use local one-time blinding factors (this requires more computation than sharing rsa->blinding, but avoids excessive locking; and if an RSA object is not shared between threads, blinding will still be very fast). [Bodo Moeller]
  • Fixed a typo bug that would cause ENGINE_set_default() to set an ENGINE as defaults for all supported algorithms irrespective of the ‘flags’ parameter. ‘flags’ is now honoured, so applications should make sure they are passing it correctly. [Geoff Thorpe]
  • Target “mingw” now allows native Windows code to be generated in the Cygwin environment as well as with the MinGW compiler. [Ulf Moeller]
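An added illustration of the RSA blinding described in the second and third changelog items (example code written for this article, not OpenSSL's own implementation), using a constructed toy key that is far too small for real use. It shows why blinding is harmless to correctness: the secret exponentiation runs on c·r^e, a value the caller never chooses, and multiplying by r^-1 afterwards recovers the same message as the unblinded operation.

```python
import math
import secrets

# Constructed toy RSA key for illustration only (assumption: both factors prime).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, Python 3.8+ modular inverse


def rsa_private_plain(c: int, n: int, d: int) -> int:
    """Unblinded private-key operation: the running time of this exponentiation
    depends on c, which is the quantity a timing attack measures."""
    return pow(c, d, n)


def rsa_private_blinded(c: int, n: int, e: int, d: int) -> int:
    """Private-key operation with a fresh one-time blinding factor per call
    (the per-thread fallback the changelog describes), so the secret
    exponentiation never sees caller-chosen input."""
    while True:
        r = secrets.randbelow(n)
        if r > 1 and math.gcd(r, n) == 1:  # r must be invertible mod n
            break
    r_inv = pow(r, -1, n)             # r^-1 mod n, used to unblind
    c_blind = (c * pow(r, e, n)) % n  # c' = c * r^e  (mod n)
    m_blind = pow(c_blind, d, n)      # (c * r^e)^d = m * r  (mod n)
    return (m_blind * r_inv) % n      # strip r to recover m


def roundtrip(m: int) -> tuple[int, int]:
    """Encrypt m with the public key, then decrypt both ways; both must agree."""
    c = pow(m, E, N)
    return rsa_private_plain(c, N, D), rsa_private_blinded(c, N, E, D)


if __name__ == "__main__":
    plain, blinded = roundtrip(123456789)
    print(plain, blinded, plain == blinded == 123456789)
```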

Version number: 0.9.7b
Website: OpenSSL
Download: file size 2.66MB
License type: Conditions (GNU/BSD/etc.)