Date: Thu, 18 Mar 2004 10:54:34 +0800 From: Ng Pheng Siong <ngps@netmemetic.com> To: Rostislav Krasny <rosti_bsd@yahoo.com> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD-SA-04:05.openssl question Message-ID: <20040318025434.GB875@vista.netmemetic.com> In-Reply-To: <20040318022009.52877.qmail@web14804.mail.yahoo.com> References: <xzpn06fkm5d.fsf@dwp.des.no> <20040318022009.52877.qmail@web14804.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote: > --- Dag-Erling Sm?rgrav <des@des.no> wrote: > > From the URL you mentioned: "Most applications have no ability to use > > Kerberos ciphersuites and will therefore be unaffected." > > Do you imply that applications with ability to use Kerberos > ciphersuites are impossible to be implemented for current versions of FreeBSD? The text before the above quoted "Most applications have no ability..." read A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites [...] Instead of asking about impossibility in the abstract, ask if you do run servers that support Kerberos cipthersuites and, if yes, how to configure your software to not use them. Cheers. -- Ng Pheng Siong <ngps@netmemetic.com> http://firewall.rulemaker.net -+- Firewall Change Management & Version Control http://sandbox.rulemaker.net/ngps -+- Open Source Python Crypto & SSL
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040318025434.GB875>