Oh joy, "password timing" attacks come to SSL.
e.g. CVE-2022-4304 Published 2023-02-08T20:15:00 A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack.
Begin forwarded message:
Date: Wed, 22 Feb 2023 11:09:09 +0000 (GMT) From: updates@fedoraproject.org To: package-announce@lists.fedoraproject.org Subject: [SECURITY] Fedora 36 Update: openssl-3.0.8-1.fc36
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-a5564c0a3f 2023-02-22 11:06:32.699863 --------------------------------------------------------------------------------
Name : openssl Product : Fedora 36 Version : 3.0.8 Release : 1.fc36
* Thu Feb 9 2023 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.8-1 - Rebase to upstream version 3.0.8 Resolves: CVE-2022-4203 Resolves: CVE-2022-4304 Resolves: CVE-2022-4450 Resolves: CVE-2023-0215 Resolves: CVE-2023-0216 Resolves: CVE-2023-0217 Resolves: CVE-2023-0286 Resolves: CVE-2023-0401