Hi guys, Is there any specific reason why openssl 1.0.1g is used by default? Yocto is using 1.0.1j in master to address some security issues (SSLv3 protocol vulnerability). If there is a strong reason to stay on 1.0.1g, I suggest we apply sslv3 patches otherwise we just remove this line.
https://git.yoctoproject.org/cgit/cgit.cgi/meta-fsl-ppc/tree/conf/machine/include/qoriq-default-versions.inc PREFERRED_VERSION_openssl = "1.0.1g" Cheers Sona Sona Sarmadi Software Engineer/Security Responsible for Enea Linux Enea Jan Stenbecks torg 17, Box 1033, SE-164 21 Kista, Sweden Direct: +46 8 5071 4475 Mobile: +46 70 971 4475 sona.sarm...@enea.com<mailto:sona.sarm...@enea.com> www.enea.com<http://www.enea.com/> [cid:image002.jpg@01CFDC00.44AA35B0] This message, including attachments, is CONFIDENTIAL. It may also be privileged or otherwise protected by law. If you received this email by mistake please let us know by reply and then delete it from your system; you should not copy it or disclose its contents to anyone.
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
