>> Possible denial of service in X.509 name checks (CVE-2024-6119)
> Is this something we need to concern ourselves with?

Since no one else is chiming in, I'll provide my feeble thoughts.  As I read 
it, it primarily affects outgoing TLS connections.  I.e., curl, wget, et al, 
and possibly (and more importantly IMO) apache/nginx proxying to another 
server.  Speculating here: this could affect high-volume web services where 
security is enough of a concern that the operators have enabled certificate 
name checks.

As a commercial user of FreeBSD with security-conscious customers, I would 
certainly like to see it fixed in a FreeBSD patch release, but in all honesty 
we could easily enough apply the OpenSSL patches to our FreeBSD source tree 
ourselves.

- Steve Wall
