From: Ian G
Date: Fri, 14 Oct 2005 19:12:33 +0100
To: Jacques Vidrine
Cc: Peter Jeremy, freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl

Jacques Vidrine wrote:
>
> On 2005-10-12, at 12:10:19, Peter Jeremy wrote:
>
>> On Tue, 2005-Oct-11 09:45:53 -0700, Jacques Vidrine wrote:
>>
>>> On Oct 11, 2005, at 7:25 AM, Ian G wrote:
>>>
>>>> Isn't the workaround obviously to switch off V2?
>>>
>>> Yes. Sorry that wasn't mentioned.
>>
>> That sounds like a good workaround. How do I implement it? I've
>> looked through the documentation and can't find any reference to a
>> runtime OpenSSL configuration file that would let me do this.
>
> I'm not aware of a global option for OpenSSL, either. Disabling SSLv2
> would need to be handled by the application, i.e. turn off SSLv2 for
> each of your SSL/TLS applications. Cheers,

Seems correct, no global option. Sorry to have got your hopes up there.

iang

-------- Original Message --------
Subject: Re: [Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl]
Date: Fri, 14 Oct 2005 14:38:15 +0100
From: Ben Laurie
To: Ian G

Ian G wrote:
> Does this sound right? No global option in OpenSSL
> to turn off SSL v2?

Yes.
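
Since the thread concludes that SSLv2 has to be switched off per application, each application's own settings need checking. The following is an added example, not part of the thread: it audits Apache httpd mod_ssl configuration text (an application chosen here for illustration; the thread names none) and assumes the mod_ssl semantics of that era, where `all` includes SSLv2 and an unset `SSLProtocol` behaves like `all`.

```python
# Added example: audit Apache httpd mod_ssl configuration text for SSLv2.
# Assumption: 2005-era mod_ssl, where "all" expands to SSLv2 + SSLv3 + TLSv1
# and a missing SSLProtocol directive behaves like "SSLProtocol all".
ERA_ALL = ("SSLv2", "SSLv3", "TLSv1")
CANON = {name.lower(): name for name in ERA_ALL}

def effective_protocols(args):
    """Apply SSLProtocol arguments left to right and return the enabled set."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = (token[1:] if action else token).lower()
        # Unknown protocol names are kept as-is rather than rejected.
        group = set(ERA_ALL) if name == "all" else {CANON.get(name, name)}
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            enabled = set(group)  # a bare token replaces what came before
    return enabled

def audit(conf_text):
    """Return (line_number, text) for every setting that leaves SSLv2 on."""
    findings, seen = [], False
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        parts = line.split(None, 1)
        if line.startswith("#") or len(parts) != 2:
            continue
        if parts[0].lower() == "sslprotocol":
            seen = True
            if "SSLv2" in effective_protocols(parts[1]):
                findings.append((number, line))
    if not seen:
        # Line 0 marks a finding about the file as a whole.
        findings.append((0, "no SSLProtocol directive; default allows SSLv2"))
    return findings

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
SSLProtocol all
SSLProtocol all -SSLv2
SSLProtocol -all +SSLv2 +SSLv3
"""

if __name__ == "__main__":
    for number, text in audit(SAMPLE_CONF):
        print(f"line {number}: SSLv2 still enabled: {text}")
```

The audit treats every `SSLProtocol` line independently and does not model inheritance between the global scope and virtual hosts.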