OpenSSL-2022/software at main · NCSC-NL/OpenSSL-2022You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows - OpenSSL Blog
Today we published an advisory about CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflowâ€) and CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflowâ€). Please read the advisory for specific details about these CVEs and how they might impact you. This blog post will address some common questions that we expect to be asked about these CVEs. Q: The 3.0.7 release was announced as
ç†è§£ã—ã¦ã‚‹ã¤ã‚‚ã‚Šã® SSL/TLS ã§ã‚‚ã€ã‚‚ã£ã¨ç†è§£ã—ãŸã‚‰é¢ç™½ã‹ã£ãŸè©± · ã‘ã‚“ã”ã®ãŠå±‹æ•·
apache ã‚„ nginx ã®è¨å®šã‚’ã—ãŸã“ã¨ãŒã‚ã‚Œã°ä»¥ä¸‹ã®æ§˜ãªè¡Œã‚’見ãŸã“ã¨ãŒã‚る人も多ã„ã®ã§ã¯ãªã„ã§ã—ょã†ã‹ã€‚(※ 下記㯠nginx ã®è¨å®šã€‚apache ã®å ´åˆã¯ SSLCipherSuite ã§ã™ã€‚) ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; ã“ã‚ŒãŒæš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã‚’指定ã—ã¦ã„る箇所ã§ã™ã€‚ãã—ã¦ã“ã®éƒ¨åˆ†ã€ã‚ã‘ã®ã‚ã‹ã‚‰ãªã„æ–‡å—列ã®ç¾…列ãªã®ã§ã™ã”ãå–ã£ã¤ãã«ããã¦ä½•ã‚’指定ã—ãŸã‚‰ã„ã„ã‹ã‚ã‹ã‚‰ãªã„ã®ã§ã€ã‚³ãƒ”ペã—ã¦ã—ã¾ã†äººã‚‚多ã„ã‚“ã˜ã‚ƒãªã„ã§ã—ょã†ã‹ã€‚ã‹ãã„ã†ç§ã‚‚æ•°å¹´å‰ã«è¶£å‘³ã§ TLS 対応㮠Web サービスを作ã£ãŸæ™‚ã¯ã‚³ãƒ”ペã§æ¸ˆã¾ã›ã¦ã„ã¾ã—ãŸã€‚ã“ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ãª OpenSSL ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’使ã£ã¦å¯¾å¿œã—ã¦ã„る一覧を見るã“ã¨ãŒã§ãã¾ã™ã€‚ $ openssl ciphers -v AES128-SH
Lavabit 事件ã¨ãã®ä½™æ³¢ã€ãã—㦠Forward Secrecy - ã‚»ã‚ュリティã¯æ¥½ã—ã„ã‹ã? Part 2
Lavabit事件 Lavabitã¨ã„ã†åå‰ã‚’ã¿ãªã•ã‚“ã”å˜çŸ¥ã ã‚ã†ã‹ã€‚NSAã®ç›£è¦–活動ã«ã¤ã„ã¦å†…部リークを行ã£ãŸ Edward Snowdenæ°ãŒåˆ©ç”¨ã—ã¦ã„ãŸãƒ¡ãƒ¼ãƒ«ã‚µãƒ¼ãƒ“スã¨ã—ã¦ä»Šå¹´ã®å¤ã«ä¸€èºæœ‰åã«ãªã£ãŸã¨ã“ã‚ã 。Snowdenæ°ã¯é¦™æ¸¯ã«æ»žåœ¨ã—ã¦è¤‡æ•°ã®ã‚¸ãƒ£ãƒ¼ãƒŠãƒªã‚¹ãƒˆã«NSAã®å†…éƒ¨æƒ…å ±ã‚’æä¾›ã—ãŸã‚ã¨ã€ç¾åœ¨ã¯ãƒã‚·ã‚¢ã«ä¸€æ™‚亡命ã—ã¦ã„ã‚‹ãŒã€äº¡å‘½ãŒèªã‚られるå‰ã«ãƒ¢ã‚¹ã‚¯ãƒ¯ç©ºæ¸¯ã«ã—ã°ã‚‰ã滞在ã—ã¦ã„ãŸã“ã¨ãŒã‚る。7月12æ—¥ã«ç©ºæ¸¯å†…ã§ãƒ—レスカンファレンスを行ã£ãŸã®ã ãŒã€ãã®æ™‚複数ã®äººæ¨©å›£ä½“ã«é€ã£ãŸæ‹›å¾…状㌠“edsnowden@lavabit.com†ã¨ã„ã†ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ã‹ã‚‰ã ã£ãŸã€‚ã“ã®äº‹ãŒå ±é“ã•ã‚Œã‚‹ã¨ã€ã€Œã‚ã®ã€Snowdenæ°ãŒä½¿ã£ã¦ã„るメールサービスã¨ã„ã†ã“ã¨ã§ã€åˆ©ç”¨å¸Œæœ›è€…ãŒæ®ºåˆ°ã—ãŸã‚‰ã—ã„。(ãã‚Œã¾ã§æ–°è¦ç™»éŒ²ã¯ 200人/æ—¥ã ã£ãŸã®ãŒã€4,000人/æ—¥ã¨20å€ã«ãªã£ãŸã€‚) ã—ã‹ã—ãã‚“ãªè¡¨ã®é¨’å‹•ã®å½±ã§ã€
ベリサインã€SSLサーãƒè¨¼æ˜Žæ›¸ã§æ¥•å††æ›²ç·šæš—å·ã¨DSAã«å¯¾å¿œ
日本ベリサインã¯ã€SSLサーãƒè¨¼æ˜Žæ›¸ç™ºè¡Œã‚µãƒ¼ãƒ“ス「マãƒãƒ¼ã‚¸ãƒ‰ PKI for SSLã€ã®å¯¾å¿œã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ を拡大ã—ã€RSAã«åŠ ãˆã€Œæ¥•å††æ›²ç·šæš—å·ï¼ˆElliptic CurveCryptography:ECC)ã€ã¨ã€Œãƒ‡ã‚¸ã‚¿ãƒ«ç½²åアルゴリズム(Digital Signature Algorithm:DSA)ã€ã«å¯¾å¿œã™ã‚‹ã€‚ 日本ベリサインã¯2月14æ—¥ã€SSLサーãƒè¨¼æ˜Žæ›¸ç™ºè¡Œã‚µãƒ¼ãƒ“ス「マãƒãƒ¼ã‚¸ãƒ‰ PKI for SSLã€ã®å¯¾å¿œã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ を拡大ã—ã€ã“ã‚Œã¾ã§ã‚µãƒãƒ¼ãƒˆã—ã¦ããŸRSAã«åŠ ãˆã€ã€Œæ¥•å††æ›²ç·šæš—å·ï¼ˆElliptic CurveCryptography:ECC)ã€ãªã‚‰ã³ã«ã€Œãƒ‡ã‚¸ã‚¿ãƒ«ç½²åアルゴリズム(Digital Signature Algorithm:DSA)ã€ã«å¯¾å¿œã™ã‚‹ã“ã¨ã‚’発表ã—ãŸã€‚ ECCã¯ã€RSAã«æ¯”ã¹ã€çŸã„éµé•·ã§é«˜ã„安全性を確ä¿ã§ãã‚‹ã“ã¨ãŒç‰¹å¾´ã®ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã 。ECC 256ビットã§RSA
1
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
{{#tags}}- {{label}}
{{/tags}}