Mark Felder wrote:
>> Base OpenSSL in still-supported releases is too old a version and
>> doesn't support TLS 1.2 as well.
>>
>> Either TLS 1.0 is so insecure and should not be used, or is secure
>> enough for FreeBSD.

> When the FreeBSD 8.0 (2009) and 9.0 (2012) releases were cut we didn't
> have these vulnerabilities or problems.

All security patches are released because of something discovered after
release. So it is nothing new nor special.

But it's not the matter of my comment.

As far as I know, there has been no discussion on FreeBSD Security
related to the fact that FreeBSD 9 will not receive security patches for
a particular known security issue. Nor even an announcement, if it has
been considered no topic for discussion here.

So I'm confused (as claimed in the previous comment). Either the issue
is not so severe, and then I don't understand why TLS 1.0 needs to be
disabled on forums. Or it is so severe, and then I don't understand why
there is still no Security Advisory dedicated to it. Well, there may be
no solution known - but even in such a case the issue should be
announced.


Dan

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
