OpenSSL TLS Heartbeat Security Issue
Matthew Seaman
matthew at FreeBSD.org
Tue Apr 8 18:07:55 UTC 2014
On 08/04/2014 18:26, Michael Grimm wrote:
> Does one need to recompile all ports that depend on that openssl port?
> Or, would it be sufficient to restart all relevant server processes
> after upgrading to 1.0.1_10?
You need to install the patched library and restart all the software
that uses it for TLS, *and* *then* (depending on degree of paranoia) get
all of your SSL certs re-issued against a different private key. Your
CA may or may not charge you for doing that.
In principle you could have a statically linked copy of nginx or slapd
or whatever that would need recompiling, but in practice that would be a
pretty bizarre thing to have on a normal server or desktop machine.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1036 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20140408/f8376bff/attachment.sig>
More information about the freebsd-questions
mailing list