[OpenSSL] /etc/ssl/cert.pem not honoured by default
Dan Lukes
dan at obluda.cz
Fri Dec 18 16:55:24 UTC 2015
On 18.12.2015 16:47, rhi wrote:
> Or is it recommended to let ports use the port OpenSSL, so that base OpenSSL
> is only used for the system itself?
On 9.x-R (still considered supported version) the base's OpenSSL is so
old for today's SSL server. The best TLS version supported is 1.0 which
is considered unacceptable old for some recent SSH clients.
You have almost no choice but port's OpenSSL (if you wish to provide a
SSL server, of course) here.
Dan
More information about the freebsd-security
mailing list