Valient Gough wrote:

Hi Tom,

I don't know if there is any tracking of OpenSSL bugs. While testing out user reports of 0.9.8e incompatibility, I narrowed it down to an OpenSSL problem and sent a simple test case to the OpenSSL mailing list.

http://www.mail-archive.com/openssl-users@openssl.org/msg48671.html

I haven't dug through OpenSSL to determine the entire extent of the problem. I believe it causes Blowfish to use 128-bit encryption no matter what key length you specify.

Valient

Thanks for getting back to me. I would be grateful if you could test my patched build, available here: http://www.archlinux.org/~tom/packages/openssl-0.9.8e-3.pkg.tar.gz PKGBUILD and patch here: http://www.archlinux.org/~tom/packages/openssl/ T. P.S. I've already posted this on our public dev list, but as you may not be a subscriber, I'm sending it to you directly also.