OpenSSL patches crash-me bug triggered by rogue certs

A bug in OpenSSL certificate parsing leaves systems open to denial-of-service attacks from anyone wielding an explicit curve.  The vulnerability stems from a bug in the BN_mod_sqrt() function, which the OpenSSL team said is used to parse certificates that "contain elliptic curve public keys in compressed form or explicit …

  1. stiine Silver badge

    oh joy

    I guess I should change my systems from using 3fa (username/password/certificate/OTP) to using username/password/OTP+ip restriction...

    1. MJB7

      Re: oh joy

      Or you could just upgrade to the latest OpenSSL.

      Also, not sure what the point of the "username" in your list is - a certificate is a perfectly fine identifier.

  2. Richard Pennington 1
    Paris Hilton

    In the other hand ...

    I know several ladies with explicit curves...
