openssl and NSA backdoor

Mike Wright mike.wright at
Sat Dec 21 20:05:33 UTC 2013

Hi all,

After Edward Snowden spilled the beans on the NSA I've become extremely 
paranoid about system security.  If not the NSA, who else?

I've been trying to find out if the versions of openssl shipped by 
fedora use the "Dual Elliptical Curve" encryption method that RSA so 
politely (for a tidy $um) made default at the request of the US's NSA. 
That is the encryption method with the NSA's very own backdoor.

If so, has it been corrected?  Is openssl even safe to use anymore? 
What about previous versions of fedora?

And what about our certificates?  Are they more or less useless now?

Where do we go from here?

If anybody is up on security I think we'd all like to know what is going 
on here esp. re fedora.

Thanks *very* much for any help on this,
Mike Wright

ps. for spit and giggles maybe everybody ought to take all their 
non-private email and CC them to the NSA.  That will give them something 
else to do with their time besides wiping their butts on the constitution.

More information about the users mailing list