Date:      Wed, 4 Sep 2024 13:27:46 +0000
From:      "Wall, Stephen" <stephen.wall@redcom.com>
To:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   RE: OpenSSL Security Advisory (fwd)
Message-ID:  <MW4PR09MB9284CF613B5C1BB155D03A13EE9C2@MW4PR09MB9284.namprd09.prod.outlook.com>
In-Reply-To: <20240903155326.C282E207@slippy.cwsent.com>


>> Possible denial of service in X.509 name checks (CVE-2024-6119)
> Is this something we need to concern ourselves with?

Since no one else is chiming in, I'll provide my feeble thoughts.  As I read it, it primarily affects outgoing TLS connections.  I.e., curl, wget, et al., and possibly (and more importantly IMO) apache/nginx proxying to another server.  Speculating here: this could affect high-volume web services where security is enough of a concern that the operators have enabled certificate name checks.

As a commercial user of FreeBSD with security-conscious customers, I would certainly like to see it fixed in a FreeBSD patch release, but in all honesty we could easily enough apply the OpenSSL patches to our FreeBSD source tree ourselves.

- Steve Wall
