On Thu, Apr 10, 2014 at 10:56 AM, Paul Hoffman <paul.hoff...@vpnc.org> wrote: > If your reliance on OpenSSL bugs being fixed requires a fix at a rate faster > than what the FreeBSD community provides, then you should not rely on the > FreeBSD community. Install OpenSSL on your mission-critical systems from > OpenSSL source, not from FreeBSD ports or packages.
I really don't think one needs to go this far. The workaround provided in the original OpenSSL advisory, recompiling with -DOPENSSL_NO_HEARTBEATS, was directly applicable to FreeBSD. For anyone unsure exactly where to effect that option, it was discussed on this very list. Also posted on this list was a working patch containing the actual fix, on Monday afternoon. So yes, if you want a fully tested, reviewed and supported fix, you had to wait, but anyone in desperate need of an immediate fix had options that didn't involve ditching FreeBSD's OpenSSL. -nd. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
