Date: Thu, 05 Jun 2014 08:57:55 -0700 From: Xin Li <delphij@delphij.net> To: Jappe Reuling <jappe@lowlife.org>, freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:14.openssl Message-ID: <53909383.50608@delphij.net> In-Reply-To: <53908845.20900@lowlife.org> References: <201406051316.s55DGtGw041955@freefall.freebsd.org> <53908845.20900@lowlife.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 6/5/14, 8:09 AM, Jappe Reuling wrote: > Hi, > > One, my appologies if it's a stupid one, question: the advisory is > for DTLS, hence UDP TLS, right? DTLS should work with SCTP as well but most applications uses DTLS with UDP. Please note that this advisory have 4 issues and 2 of them were DTLS, 2 were TLS. > Normally you would run SSL (TLS a.o.) via TCP. So what would use > DTLS (in the base system) and could be vulnerable? A mailserver > using TLS and linked to the base system's openssl would be using > TCP...? The TLS ones are vulnerable to e.g. CVE-2014-0224 which allows MITM attack. Cheers, -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTkJODAAoJEJW2GBstM+nsMuMP/i9u5iZqW1t3zHJ+GOg+GVF0 64wqViaCtCDad0ibHQw5Mv0otxPN+J4P7QPRRGBs1lzR/yWkjZMcjqCr6qcA8wSs KGFprvoslVU67sP5A/WQGFNPhy4IkxhhpWE/+ELBvt0qkO1J8x6mctgxbHmIg45p U6YHdh2SsY/ph2HgBOcG6lsTE3AY2xSZgCVfbHxzsioX3CoaXjpup/aSQ/mfzRJU WEtEuEyrJMiIs+tolXfaQWiPBMoGuwq8B87JJgcRaHEquMsFPeYejpk4nhYAdUlm BKdrfUbZBryYIQmpIP3yws47qFgdboqwCv7HLpXqbqVwiebx5Ioz1o07ukAAe+H5 99I/8G7DYwLRccdi4blaJZhYksiEYVMagW86DRlC/Vi/i3mQPfNHZhTO88qOgtOZ drQZeQo/3ExhgHWRa2ERToyEGntPZh1rIDAIbYh6ht4LH6VpjIvIfOQgVSHVvJjA ePFUasbC64BSXvnPEVz7awyzLJSb42fJS4vGQ4/DTbmTOP8pHW14WcxTZeA/W2j2 OPkEtlcQt8OOQlyzp05mqq/wcEFNmw8OAX+LdVU+4XwzGVq4vA467LBtHnk/J1kb uqf76t4M/j05Z4UfRV4QpYmmTlFWXa1MzjvVi3i/K0oxjiNyX9bPBkd6MLAo+dfl eX0INg7phQp+cre+Sd4c =28Xl -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53909383.50608>