OpenSSL Security Advisory [11 Jun 2015]

Andrea Venturoli ml at netfence.it
Fri Jun 12 06:37:28 UTC 2015


On 06/12/15 01:34, Michelle Sullivan wrote:
> Roger Marquis wrote:
>> The ports-secteam knows about this but posting here in case someone wants to
>> update ahead of the port, from this morning's Hackernews:
>>
>>   <https://www.openssl.org/news/secadv_20150611.txt>
>>
>
> *wonders how this will affect 8.x & 9.x* (seems to be no fix for 0.9.8
> which 8.4 and 9.3 has 0.9.8zd in base - I expect 8.4 to get ignored as
> it EoLs on Jun 30, 2015, but 9.3 EoLs on Dec 31, 2016)
>
> Michelle
>

Sorry for jumping in...
As I understood it, this new version will just do what one can manually 
do by tweaking configuration files (i.e. disable weak ciphers/short keys).
Is it so?

In other words, servers can be secured without applying this patch; on 
the other hand, simply upgrading makes the job easier and will also fix 
some daemon you might have forgotten.
Am I right?

Can someone please confirm or deny?

  bye & Thanks
	av.

