Date: Tue, 08 Apr 2014 09:45:21 -0400
From: Mike Tancsa <mike@sentex.net>
To: d@delphij.net, Thomas Steen Rasmussen <thomas@gibfest.dk>, freebsd-security@freebsd.org
Subject: Re: http://heartbleed.com/
Message-ID: <5343FD71.6030404@sentex.net>
In-Reply-To: <53431275.4080906@delphij.net>
References: <53430F72.1040307@gibfest.dk> <53431275.4080906@delphij.net>

On 4/7/2014 5:02 PM, Xin Li wrote:
>>
>> The implications of this vulnerability are pretty massive,
>> certificates will need to be replaced and so on. I don't want to
>> repeat the page, so go read that.
>
> We are already working on this but building, reviewing, etc. would
> take some time.
>
> Attached is the minimal fix (extracted from upstream git repository)
> we are intending to use in the advisory for those who want to apply a
> fix now, please DO NOT use any new certificates before applying fixes.

Hi,

I am trying to understand the implications of this bug in the context of
a vulnerable client, connecting to a server that does not have this
extension. e.g. a client app linked against 1.xx that's vulnerable
talking to a server that is running something from RELENG_8 in the base
(0.9.8.x). Is the server still at risk? Will the client still bleed
information?

	---Mike

-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/