LogJam exploit can force TLS down to 512 bytes, does it affect us? ?
Julian H. Stacey
jhs at berklix.com
Wed May 20 21:41:10 UTC 2015
Hi security at freebsd.org
(& bcc'd a couple of friends)
Refa:
http://www.bbc.com/news/technology-32814309
(posted 5 hours before Wed May 20 23:01:22 CEST 2015)
http://www.theregister.co.uk/2015/05/20/logjam_impact/
20 May 2015 at 16:29
Does it affect FreeBSD ? If so, I guess security-officer@ will
already be drafting a notification; If not, might it be good PR
anyway to put out a brief summary / statement on a mail list or web page ?
Latest advisories are old & don't refer to this TLS.
http://www.freebsd.org/security/advisories.html is 2015-04-07
http://lists.freebsd.org/pipermail/freebsd-security-notifications/2015-April/date.html 7th April
PS Though src/ is traditionaly prime concern, I cc'd ports@ too,
re. the 24,064 ported packages in http://www.freebsd.org/ports/
Cheers,
Julian
--
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
Indent previous with "> ". Reply Below as a play script.
Send plain text, Not quoted-printable, HTML, or base64.
More information about the freebsd-ports
mailing list