Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. The conditions are:

- The client is on a platform where the PRNG has not been seeded automatically, and the user has not seeded it manually
- A protocol-specific client method version has been used (i.e. not SSLv23_client_method())
- A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA)

If the handshake succeeds, the client random that was used will have been generated from a PRNG with insufficient entropy, and therefore its output may be predictable. For example, the following command will succeed with an unseeded openssl on an unpatched platform:

openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

This issue affects OpenSSL version 1.0.2 and is fixed in version 1.0.2a.

Upstream patch: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e1b568dd2462f7cacf98f3d117936c34e2849a6b

Acknowledgements: Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Matt Caswell of the OpenSSL development team as the original reporter.
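The check an application can make before it starts a TLS handshake, added here as an example and not part of this Bugzilla entry or of OpenSSL: it uses Python's ssl module wrappers around OpenSSL's RAND_status() and RAND_add() to confirm the PRNG is seeded (seeding it from the OS CSPRNG if not) before a client context is built, and it flags a library banner that names plain 1.0.2, the only release the advisory lists as affected. The version strings below are constructed samples in the format of ssl.OPENSSL_VERSION; the function names are this example's own.

```python
import os
import re
import ssl

# Constructed sample banners in the format Python exposes as ssl.OPENSSL_VERSION.
SAMPLE_VERSIONS = [
    "OpenSSL 1.0.2 22 Jan 2015",     # affected: 1.0.2 with no patch letter
    "OpenSSL 1.0.2a 19 Mar 2015",    # fixed release named by the advisory
    "OpenSSL 1.1.1k  25 Mar 2021",   # unrelated later branch
]

_VERSION_RE = re.compile(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return (major, minor, fix, patch_letters) from an OpenSSL version banner,
    or None if the banner is not in the expected form."""
    match = _VERSION_RE.search(banner)
    if not match:
        return None
    major, minor, fix, letters = match.groups()
    return (int(major), int(minor), int(fix), letters)


def is_affected_version(banner):
    """True only for plain 1.0.2 (no letter suffix): the advisory says 1.0.2 is
    affected and 1.0.2a carries the fix, so any letter means patched."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return False
    major, minor, fix, letters = parsed
    return (major, minor, fix) == (1, 0, 2) and letters == ""


def ensure_prng_seeded(entropy_bytes=32):
    """Ask OpenSSL whether its PRNG is seeded; if not, mix in bytes from the OS
    CSPRNG via RAND_add() and ask again. Returns True when seeded afterwards."""
    if ssl.RAND_status():
        return True
    # RAND_add takes the buffer and an entropy estimate in bytes (a float).
    ssl.RAND_add(os.urandom(entropy_bytes), float(entropy_bytes))
    return ssl.RAND_status()


def make_client_context():
    """Build a TLS client context only after the PRNG is confirmed seeded, so no
    ClientHello can be sent carrying a predictable client random."""
    if not ensure_prng_seeded():
        raise RuntimeError("OpenSSL PRNG is not seeded; refusing to start a TLS handshake")
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH)


def prng_report(banner=None):
    """Summarise the two things a deployer wants to know: is the linked OpenSSL
    the affected release, and is its PRNG seeded right now."""
    banner = ssl.OPENSSL_VERSION if banner is None else banner
    return {
        "version": banner,
        "affected_release": is_affected_version(banner),
        "prng_seeded": ensure_prng_seeded(),
    }


if __name__ == "__main__":
    for sample in SAMPLE_VERSIONS:
        print(f"{sample!r}: affected={is_affected_version(sample)}")
    print(prng_report())
```

On a modern OpenSSL build RAND_status() reports True immediately, so the seeding branch never runs; the value of the guard is that the handshake is refused, rather than silently completed, on a platform where it would report False.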
Statement: This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5, 6, and 7.
External References:
https://openssl.org/news/secadv_20150319.txt
https://access.redhat.com/articles/1384453