From owner-freebsd-security Wed Jul 31 21:38:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4DC4537B400 for ; Wed, 31 Jul 2002 21:38:49 -0700 (PDT) Received: from www.cotse.net (www.cotse.net [216.112.42.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3046A43E42 for ; Wed, 31 Jul 2002 21:38:48 -0700 (PDT) (envelope-from colonel_flagg@internetwarzone.org) Received: from www.cotse.net (www.cotse.net[216.112.42.60]) (authenticated bits=0) by www.cotse.net (8.12.5/8.12.5) with ESMTP id g714c7Sr086078 for ; Thu, 1 Aug 2002 00:38:08 -0400 (EDT) (envelope-from colonel_flagg@internetwarzone.org) Message-Id: <5.1.0.14.2.20020801003255.0348b558@none.nowhere.org> X-Sender: warzone@pop.cotse.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 01 Aug 2002 00:38:46 -0400 To: freebsd-security@freebsd.org From: "Colonel Sam Flagg, U.S. Army Intelligence (ret)" Subject: openssl workaround? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm sure this was covered, but I've just joined the group, so if someone would copy/paste the answer or whatever, I would be grateful. In the recent openssl advisory, we're told that a workaround is possible... Topic: openssl contains multiple vulnerabilities IV. Workaround Disabling the SSL2 protocol in server applications should render server exploits harmless. There is no known workaround for client applications. My question is, if we must wait to make world, what's the best way to disable SSL2? /CF To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message