On 05/17/15 22:20, Mark Felder:
You're not understanding the situation: the vulnerability isn't in
OpenSSL; it's a design flaw / weakness in the protocol.
Sorry, my English seems to be so poor so you don't understand my very
simple question. You are still answering other questions I didn't asked.
Last attempt. I will try ti make question as simple as possible. If it
will not help I will become silent.
TLS 1.0 *protocol* is buggy, new protocol has been implemented in new
version of OpenSSL, but such version will not be imported into FreeBSD 9
because of ABI incompatibility. Instead old version of OpenSSL and
vulnerable protocol is still used by base system libraries and
utilities. So base system IS affected by known vulnerability.
Thus I'm asking.
If TLS 1.0 is considered severe security issue AND system utilities are
using it, why there is no Security Advisory describing this system
vulnerability ?
Dan
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
