Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread Bernhard R. Link
* Jeremie Marguerie [140409 15:28]:
> Yes the private keys can be compromised, but the perfect secrecy should ensure that unless someone was doing an active MITM and had the private key, the communications were safe.

As the communication was part of the data transported with the ssl library t

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread Jeremie Marguerie
Yes the private keys can be compromised, but the perfect secrecy should ensure that unless someone was doing an active MITM and had the private key, the communications were safe.

On Wed, Apr 9, 2014 at 3:06 PM, Artikel-140 wrote:
> Hi,
>
> If Perfect Forward Secrecy is enabled, is there still a c

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread Artikel-140
Hi,

If Perfect Forward Secrecy is enabled, is there still a chance that the private keys are compromised? This is the whole point about PFS, right?

Grtz,

On 04/09/2014 02:15 PM, bsod wrote:
> On 2014-04-09 13:38, Vladislav Kurz wrote:
>> So, why does openssh-server depend on libssl ?
> oh... m

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread bsod
On 2014-04-09 13:38, Vladislav Kurz wrote:
> So, why does openssh-server depend on libssl ?

oh... my bad, searched for dependencies openssl instead of libssl. However, it still does not use TLS and is therefore not concerned by bugs in the heartbeat extension to it.

Kind regards,
Chris
--

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread Rob van der Putten
Hi there Vladislav Kurz wrote: So, why does openssh-server depend on libssl ? ldd /usr/sbin/sshd says it needs libcrypto.so, which is part of openssl? Maybe the question should be does SSH use a heartbeat? Regards, Rob

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread Apollon Oikonomopoulos
On 13:26 Wed 09 Apr , bsod wrote:
> On 2014-04-09 12:42, Rob van der Putten wrote:
> > According to a post on slashdot SSH is not affected. I don't know if this is correct.
>
> (Open-)SSH is not affected as it does not use openssl at all. Should be the same for other SSH daemons like dro

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread Vladislav Kurz
On Wednesday 09 of April 2014 13:26:06 bsod wrote:
> On 2014-04-09 12:42, Rob van der Putten wrote:
> > According to a post on slashdot SSH is not affected. I don't know if this is correct.
>
> (Open-)SSH is not affected as it does not use openssl at all. Should be the same for other SSH d

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread bsod
On 2014-04-09 12:42, Rob van der Putten wrote:
> According to a post on slashdot SSH is not affected. I don't know if this is correct.

(Open-)SSH is not affected as it does not use openssl at all. Should be the same for other SSH daemons like dropbear as they are not using TLS in SSH Protocol

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread Lupe Christoph
On Wednesday, 2014-04-09 at 12:42:16 +0200, Rob van der Putten wrote:
> AFAIK all services that use TLS + open-ssl are affected.
> I generated new keys for Apache, Asterisk, Exim and imap and restarted those services.
> According to a post on slashdot SSH is not affected. I don't know if this

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread Stephan Seitz
On Wed, Apr 09, 2014 at 10:51:42AM +0300, Henrik Ahlgren wrote: If new services will be added to the restart check list, I think both puppet and puppetmaster should be included, too. The service snmpd should be restarted as well. At least checkrestart says so. Shade and sweet water!

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread Rob van der Putten
Hi there

Salvatore Bonaccorso wrote:
> Yes this is unfortunately a bug in that part of the libssl1.0.0 postinst! apache2 is also affected and should be restarted after the openssl update.

AFAIK all services that use TLS + open-ssl are affected. I generated new keys for Apache, Asterisk, Exim a

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread Stefan Eriksson
I've seen pound has this issue, sites which use pound as proxy need to restart pound manually, before that is done it doesn't use the newly installed openssl.

2014-04-09 09:51, Henrik Ahlgren wrote:
> On Tue, Apr 08, 2014 at 08:24:52PM +0200, Salvatore Bonaccorso wrote:
>> Yes this is unfortunately

Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

2014-04-09 Thread Henrik Ahlgren
On Tue, Apr 08, 2014 at 08:24:52PM +0200, Salvatore Bonaccorso wrote:
> Yes this is unfortunately a bug in that part of the libssl1.0.0 postinst! apache2 is also affected and should be restarted after the openssl update.

If new services will be added to the restart check list, I think both pup