OpenSSL Security Advisory [11 Jun 2015]

Andrea Venturoli ml at
Fri Jun 12 06:37:28 UTC 2015

On 06/12/15 01:34, Michelle Sullivan wrote:
> Roger Marquis wrote:
>> The ports-secteam knows about this but posting here in case someone wants to
>> update ahead of the port, from this morning's Hackernews:
>>   <>
> *wonders how this will affect 8.x & 9.x* (seems to be no fix for 0.9.8
> which 8.4 and 9.3 has 0.9.8zd in base - i expect 8.4 to get ignored as
> it EoLs on Jun 30, 2015, but 9.3 EoLs on Dec 31, 2016)
> Michelle

Sorry for jumping in...
As I understood it, this new version will just do what one can manually 
do by tweaking configuration files (i.e. disable weak ciphers/short keys).
Is it so?

In other words, servers can be secured without applying this patch; on 
the other hand, simply upgrading makes the job easier and will also fix 
some daemon you might have forgotten.
Am I right?

Can someone please confirm or deny?

  bye & Thanks

More information about the freebsd-ports mailing list