Mozilla Firefox < 43.0.2 RSA-MD5 Collision-based Forgery Weakness (SLOTH)

Binary data 9076.prm...

AIX OpenSSL Advisory : openssl_advisory16.asc (SLOTH)

The remote AIX host has a version of OpenSSL installed that is affected by a collision-based forgery vulnerability, known as SLOTH Security Losses from Obsolete and Truncated Transcript Hashes, in the TLS protocol due to accepting RSA-MD5 signatures in the server signature within the TLS 1.2...

MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature — Mozilla

Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services NSS where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in...

NSS -- MD5 downgrade in TLS 1.2 signatures

The Mozilla Project reports: Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services NSS where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the acceptin...