Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 23 Mar 2015 14:09:16 -0400
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        "Philip M. Gollucci" <pgollucci@p6m7g8.com>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r280306 - in head: secure/lib/libcrypto secure/lib/libssl sys/sys
Message-ID:  <551056CC.10903@FreeBSD.org>
In-Reply-To: <CACM2dAaREzFt1LfF9YRYsO7nJ0Uv7Bckt_Epgb=Vj9R0VfZikQ@mail.gmail.com>
References:  <201503202348.t2KNmCM0033402@svn.freebsd.org> <CACM2dAaREzFt1LfF9YRYsO7nJ0Uv7Bckt_Epgb=Vj9R0VfZikQ@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 03/23/2015 11:35, Philip M. Gollucci wrote:
> What about SSLv3 due to POODLE ?

IMHO, it is too early to remove SSLv3 support because it is still
widely used although there are known vulnerabilities.  Please use
OpenSSL from ports, i.e., security/openssl, i.e., turn off both SSL2
and SSL3 options and compile all ports with it.

Jung-uk Kim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVEFbGAAoJEHyflib82/FGtH0H/jEr8VI2EIh4T0qmOyaXbwEg
Aqz6sIO1AJe/PultpqEMSUWPKofHNH4YstOcaHQ421g22tcGjK3VgwhzSG97IPjH
vlSY3451DDw0FzQVD20N3c8B0tjnrM2QD9K+wULvE74W9Yu6woSgQN/kLqhGnuss
qPM3MemKNYq5euGnWVzXaY+IuDHFf8CFKanpymVFc378rV/M4tgXJbesNOX9Koiv
VC7tvfn7slsr/bHSqC6zdDNk5BkL3iaNGceHweMeIQ8HeTtglESVjjOnBMayxsYS
YKapEONNnhVh+Waq2jH0JylDIfotWMylvxFRLlW99oSPnvVHOMhsr+gEh6LxZGQ=
=a8q9
-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?551056CC.10903>