temporary workaround for most recent openssl remote exploit?

From: Aditya (aditya@grot.org)
Date: 07/31/02

Next message: Adrian Penisoara: "Re: Are OpenSSL bugs related to OpenSSH ?"
Previous message: Jacques A. Vidrine: "Re: OpenSSL workaround"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Aditya <aditya@grot.org>
Date: Wed, 31 Jul 2002 12:22:40 -0700

The following message is a courtesy copy of an article
that has been posted to gmane.comp.apache.mod-ssl.user as well.

The FreeBSD Security Advisory FreeBSD-SA-02:33.openssl says:

IV. Workaround

  Disabling the SSL2 protocol in server applications should render
  server exploits harmless. There is no known workaround for client
  applications.

and while I'm upgrading my systems, to limit my window of exposure, if
I restart my Apache servers, with:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL

(change +SSLv2 to -SSLv2) rather than the default:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

will that be sufficient as a workaround?

Thanks,
Adi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Adrian Penisoara: "Re: Are OpenSSL bugs related to OpenSSH ?"
Previous message: Jacques A. Vidrine: "Re: OpenSSL workaround"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

openssl workaround?
... we're told that a workaround is possible... ... Disabling the SSL2 protocol in server applications should render ... disable SSL2? ...
(FreeBSD-Security)
Re: Various File Save error messages with Word 2004 and Tiger (10.4.2) Server
... It needs to be disabled on the server too (to the best of my ... knowledge) for the workaround to work. ... > Thanks John, ... > I'm sorry I don't have more specifics about an intermittent Word 2004 ...
(microsoft.public.mac.office.word)
Re: SQL Cluster environments - serious problem NT AUTHORITYANONYMOUS
... I opened a case at Microsoft and they gave us a two-step workaround: ... - set the DisableStrictNameChecking registry entry to 1 ... To resolve this problem in Windows Server 2003, ... I'm trying resolve common serious problem in my cluster environments (it ...
(microsoft.public.sqlserver.clustering)
Re: SBS 2003 policy issue
... You would need to make changes in the Default Domain Controllers Policy and ... workaround to get you out of trouble. ... however access to the policy settings editor is now ... > As the GPO Editor and other services on the Server require ...
(microsoft.public.windows.server.sbs)
RE: Exchange --> Greylisting
... notifications lost in a black hole. ... server for other issues, the notification messages suddenly showed up. ... After a restart of SMTP service, Exchange suddenly finds those lost emails ... Workaround 1: Send emails to greylisting domains via an ISP Smart Host ...
(microsoft.public.exchange.admin)