Date: Fri, 21 Jun 2024 12:18:27 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 279891] freebsd-update fetch does not use any TLS which is a security risk Message-ID: <bug-279891-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D279891 Bug ID: 279891 Summary: freebsd-update fetch does not use any TLS which is a security risk Product: Base System Version: Unspecified Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: p5B2EA84B3@t-online.de Fetching system components without any Transport Layer Security must be considered as an exposure to mitm-risks. Please be advised that multiple policies in professional environments were rolled out that require TLS on ANY network connection.=20 This means that FreeBSD will fail passing security audits due to that probl= em where there is such requirements. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-279891-227>