From owner-freebsd-security@FreeBSD.ORG Tue Apr 8 18:16:59 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1D85E6F for ; Tue, 8 Apr 2014 18:16:59 +0000 (UTC) Received: from elektropost.org (elektropost.org [217.115.13.199]) by mx1.freebsd.org (Postfix) with ESMTP id 5A0841102 for ; Tue, 8 Apr 2014 18:16:58 +0000 (UTC) Received: (qmail 20396 invoked from network); 8 Apr 2014 18:16:55 -0000 Received: from elektropost.org (HELO elektropost.org) (erdgeist@erdgeist.org) by elektropost.org with AES128-SHA encrypted SMTP; 8 Apr 2014 18:16:55 -0000 Message-ID: <53443CBF.60103@erdgeist.org> Date: Tue, 08 Apr 2014 20:15:27 +0200 From: Dirk Engling User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 CC: freebsd-security@freebsd.org Subject: Re: FreeBSD's heartbleed response References: <20140408174210.GA5433@behemoth> <53443917.7040609@sentex.net> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 18:16:59 -0000 On 08.04.14 20:05, Nathan Dorfman wrote: > Someone please correct me if I'm wrong, but I think simply adding > -DOPENSSL_NO_HEARTBEATS to crypto/openssl/Makefile (and recompiling!) is > sufficient to remove the vulnerability from the base system. You forgot to mention installing, but yes. erdgeist