Date:      Fri, 12 Jun 2015 08:37:11 +0200
From:      Andrea Venturoli <ml@netfence.it>
To:        Michelle Sullivan <michelle@sorbs.net>, marquis@roble.com
Cc:        secteam@FreeBSD.org, freebsd-ports@freebsd.org
Subject:   Re: OpenSSL Security Advisory [11 Jun 2015]
Message-ID:  <557A7E17.5040304@netfence.it>
In-Reply-To: <557A1B16.3060606@sorbs.net>
References:  <20150611183848.2D328F4C@hub.freebsd.org> <557A1B16.3060606@sorbs.net>

On 06/12/15 01:34, Michelle Sullivan wrote:
> Roger Marquis wrote:
>> The ports-secteam knows about this but posting here in case someone wants to
>> update ahead of the port, from this morning's Hackernews:
>>
>>   <https://www.openssl.org/news/secadv_20150611.txt>
>>
>
> *wonders how this will affect 8.x & 9.x* (seems to be no fix for 0.9.8
> which 8.4 and 9.3 has 0.9.8zd in base - I expect 8.4 to get ignored as
> it EoLs on Jun 30, 2015, but 9.3 EoLs on Dec 31, 2016)
>
> Michelle
>

Sorry for jumping in...
As I understood it, this new version will just do what one can manually 
do by tweaking configuration files (i.e. disable weak ciphers/short keys).
Is it so?

In other words, servers can be secured without applying this patch; on 
the other hand, simply upgrading makes the job easier and will also fix 
some daemon you might have forgotten.
Am I right?

Can someone please confirm or deny?

  bye & Thanks
	av.


