On 06/12/15 01:34, Michelle Sullivan wrote:
Roger Marquis wrote:
The ports-secteam knows about this but posting here in case someone wants to
update ahead of the port, from this morning's Hackernews:
<https://www.openssl.org/news/secadv_20150611.txt>
*wonders how this will affect 8.x & 9.x* (seems to be no fix for 0.9.8
which 8.4 and 9.3 has 0.9.8zd in base - i expect 8.4 to get ignored as
it EoLs on Jun 30, 2015, but 9.3 EoLs on Dec 31, 2016)
Michelle
Sorry for jumping in...
As I understood it, this new version will just do what one can manually
do by tweaking configuration files (i.e. disable weak ciphers/short keys).
Is it so?
In other words, servers can be secured without applying this patch; on
the other hand, simply upgrading makes the job easier and will also fix
some daemon you might have forgotten.
Am I right?
Can someone please confirm or deny?
bye & Thanks
av.
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
