Forums.FreeBSD.org - SSL Issue?
Dan Lukes
dan at obluda.cz
Sun May 17 21:29:36 UTC 2015
On 05/17/15 22:20, Mark Felder:
> You're not understanding the situation: the vulnerability isn't in
> OpenSSL; it's a design flaw / weakness in the protocol.
Sorry, my English seems to be so poor so you don't understand my very
simple question. You are still answering other questions I didn't asked.
Last attempt. I will try ti make question as simple as possible. If it
will not help I will become silent.
TLS 1.0 *protocol* is buggy, new protocol has been implemented in new
version of OpenSSL, but such version will not be imported into FreeBSD 9
because of ABI incompatibility. Instead old version of OpenSSL and
vulnerable protocol is still used by base system libraries and
utilities. So base system IS affected by known vulnerability.
Thus I'm asking.
If TLS 1.0 is considered severe security issue AND system utilities are
using it, why there is no Security Advisory describing this system
vulnerability ?
Dan
More information about the freebsd-security
mailing list