Patch-ID# 106830-01 Keywords: security ENCRYPTION INTERNATIONAL: make ssl module client Synopsis: Netra-j 2.1: make ssl module work as client, domestic (US only) Date: Jan/13/99 ****************************************************** The items made available through this website are subject to United States export laws and may be subject to export and import laws of other countries. You agree to strictly comply with all such laws and obtain licenses to export, re-export, or import as may be required. Unless expressly authorized by the United States Government to do so you will not, directly or indirectly, export or re-export the items made available through this website, nor direct the items therefrom, to any embargoed or restricted country identified in the United States export laws, including but not limited to the Export Administration Regulations (15 C.F.R. Parts 730-774). ****************************************************** Solaris Release: 2.5.1, 2.6 SunOS Release: 5.5.1, 5.6 Unbundled Product: Netra-j Unbundled Release: 2.1 Relevant Architectures: sparc NOTE: sun4u, sun4m BugId's fixed with this patch: 4164957 Changes incorporated in this version: Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: libssl.pse Problem Description: 4164957 netra_j ocs 4 5 OCS SSL private key encryption passwrd does not require a passwrd An information leak in most SSL implementations that allows a very complex attack to recover a session key for a session that had been previously recorded. Reference CERT Advisory CA-98.07 issued 6/26/98: The CERT Coordination Center has received a report regarding a vulnerability in some implementations of products utilizing RSA Laboratories' Public-Key Cryptography Standard #1 (PKCS#1). Under some situations, a sophisticated intruder may be able to use the vulnerability in PKCS#1 to recover information from SSL-encrypted sessions. Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- None.