On 3/11/15 9:15 AM, Gregory Shapiro wrote:
First, thank you Philip for jumping on this. Much appreciated.
This wonderful change (cough) to include SSL_OP_TLSEXT_PADDING in
SSL_OP_ALL was addressed in sendmail 8.15.1, which explicitly removes
SSL_OP_TLSEXT_PADDING from the default ClientSSLOptions value if that
#define exists. I believe Greg is working on importing that to FreeBSD.
sendmail 8.15.1 is imported into the vendor area but not merged due to an
incompatible change that is being moved into a run-time configuration variable
in 8.15.2. Rather than expose the FreeBSD populate to the churn from that
change, I am skipping 8.15.1 and will import 8.15.2.
That being said, I can certainly make the local fix that Philip mention to take
care of the padding issue. Is the new libssl in 11-CURRENT going to be/already
been MFC'ed to other branches?
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
the change is in libssl1.0.1g and later
so, yes it's already in 10
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
