On Fri, Feb 12, 2010 at 01:04:01PM -0700, Thomas J. Hruska wrote:
> Roger Cruz wrote:
>> I posted the following message in the stunnel group. I'm following that
>> posting here because I believe this may be an issue with the underlying
>> library which is OpenSSL. Is there a known issue with certificates for
>> version 0.9.8b that are aware of? What version of OpenSSL contains the
>> fix if there is one?
>> Roger
>
> 0.9.8b is ancient (almost 4 years old). There have been many security
> updates and patches since then. Current release is 0.9.8l (with a beta of
> 0.9.8m also available). Try updating OpenSSL first to 0.9.8l.
Also, the reported crash was in the Kerberos library, and it is unwise
to attempt to enable the Kerberos ciphers, they are obsolete and insecure
(single DES). If the Kerberos ciphers are off by default, the OP should
not enable them.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
