OpenSSL TLS Heartbeat Security Issue
matthew at FreeBSD.org
Tue Apr 8 18:07:55 UTC 2014
On 08/04/2014 18:26, Michael Grimm wrote:
> Does one need to recompile all ports that depend on that openssl port?
> Or, would it be sufficient to restart all relevant server processes
> after upgrading to 1.0.1_10?
You need to install the patched library and restart all the software
that uses it for TLS, *and* *then* (depending on degree of paranoia) get
all of your SSL certs re-issued against a different private key. Your
CA may or may not charge you for doing that.
In principle you could have a statically linked copy of nginx or slapd
or whatever that would need recompiling, but in practice that would be a
pretty bizarre thing to have on a normal server or desktop machine.
Dr Matthew J Seaman MA, D.Phil.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1036 bytes
Desc: OpenPGP digital signature
More information about the freebsd-questions