Date: Wed, 31 Jul 2002 12:22:40 -0700 From: Aditya <aditya@grot.org> Cc: freebsd-security@freebsd.org Subject: temporary workaround for most recent openssl remote exploit? Message-ID: <lok7nbvh1b.fsf@mighty.grot.org>
next in thread | raw e-mail | index | archive | help
The following message is a courtesy copy of an article that has been posted to gmane.comp.apache.mod-ssl.user as well. The FreeBSD Security Advisory FreeBSD-SA-02:33.openssl says: IV. Workaround Disabling the SSL2 protocol in server applications should render server exploits harmless. There is no known workaround for client applications. and while I'm upgrading my systems, to limit my window of exposure, if I restart my Apache servers, with: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL (change +SSLv2 to -SSLv2) rather than the default: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL will that be sufficient as a workaround? Thanks, Adi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?lok7nbvh1b.fsf>