Date:      01 May 2002 10:19:53 -0400
From:      Lowell Gilbert <lowell@world.std.com>
To:        freebsd-security@freebsd.org
Subject:   Re: Upgrading default OpenSSL
Message-ID:  <44pu0grlva.fsf@be-well.ilk.org>
In-Reply-To: <BNADYEQAHZACRJVM4XUB4XSVVJT4OSSRPYT1ADIE@ziplip.com>
References:  <BNADYEQAHZACRJVM4XUB4XSVVJT4OSSRPYT1ADIE@ziplip.com>

SolarfluX <solarflux@ziplip.com> writes:

> Would this question be more appropriate for freebsd-ports, if not here?

Only if you want to install from ports.

> I figured the ability (or lack of) to upgrade the default OpenSSL is more of a
> security issue first, then a ports issue second.

That depends on your particular needs, of course.  You probably wouldn't
be hurting your security profile much by bringing in a different version
of OpenSSL than the one in the FreeBSD base system, but there's always the
risk of your screwing something up.

If you're assuming that a later version of OpenSSL will be more secure
than the patched earlier version that FreeBSD includes, then you are
jumping to unwarranted (and, as I already implied, likely incorrect)
conclusions.  

>                                                   I don't want to install OpenSSL
> manually using the source and have two different versions on my system. 

That's your choice; there's no strong objective argument either way on the
point.  

>                                                                          I
> want to replace the default version 0.9.6a with 0.9.6b (0.9.6c would be really
> nice).  Could someone please comment on how this can (or cannot, and why) be
> done?

You can always build from source and install right over the top of the
system versions.  There is a make.conf(5) knob to tell "make world" not to
build or install its version.  The odds of your reducing your system's
security by doing so are probably higher than your odds of improving your
security, but (barring installation errors on your part) neither
possibility is very likely in the big picture.
