Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl

• Previous message: Roger Marquis: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
• In reply to: Peter Jeremy: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
• Next in thread: Ian G: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
• Reply: Ian G: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
• Reply: David Coder: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 13 Oct 2005 13:44:28 -0700
To: Peter Jeremy <PeterJeremy@optushome.com.au>

On 2005-10-12, at 12:10 :19, Peter Jeremy wrote:

> On Tue, 2005-Oct-11 09:45:53 -0700, Jacques Vidrine wrote:
>> On Oct 11, 2005, at 7:25 AM, Ian G wrote:
>>> Isn't the workaround obviously to switch off V2?
>>
>> Yes. Sorry that wasn't mentioned.
>
> That sounds like a good workaround. How do I implement it? I've
> looked through the documentation and can't find any reference to a
> runtime OpenSSL configuration file that would let me do this.

I'm not aware of a global option for OpenSSL, either. Disabling
SSLv2 would need to be handled by the application, i.e. turn off
SSLv2 for each of your SSL/TLS applications. Cheers,

-- 
Jacques Vidrine <jacques@vidrine.us>
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Roger Marquis: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
• In reply to: Peter Jeremy: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
• Next in thread: Ian G: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
• Reply: Ian G: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
• Reply: David Coder: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]