[arch-dev-public] [Fwd: Fw: OpenSSL 0.9.8e has serious bug]

Tom K tom at archlinux.org
Fri Apr 20 09:47:25 EDT 2007

Valient Gough wrote:
> Hi Tom,
> I don't know if there is any tracking of OpenSSL bugs.  While testing 
> out user reports of 0.9.8e incompatibility, I narrowed it down to an 
> OpenSSL problem and sent a simple test case to the OpenSSL mailing list.
> http://www.mail-archive.com/openssl-users@openssl.org/msg48671.html
> I haven't dug through OpenSSL to determine the entire extent of the 
> problem.  I believe it causes Blowfish to use 128-bit encryption no 
> matter what key length you specify.
> Valient

Thanks for getting back to me. I would be grateful if you could test my 
patched build, available here:
PKGBUILD and patch here:


P.S. I've already posted this on our public dev list, but as you may not 
be a subscriber, I'm sending it to you directly also.

More information about the arch-dev-public mailing list