From owner-freebsd-questions@freebsd.org Thu Mar 25 15:38:58 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 963995C1CF2 for ; Thu, 25 Mar 2021 15:38:58 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F5q5Z3qb4z3ln3 for ; Thu, 25 Mar 2021 15:38:58 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.117.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "R3" (verified OK)) (Authenticated sender: matthew/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 592A0D68F for ; Thu, 25 Mar 2021 15:38:58 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from PD0786.local (130.31-255-62.static.virginmediabusiness.co.uk [62.255.31.130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id E486411C93 for ; Thu, 25 Mar 2021 15:38:55 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none (p=none dis=none) header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/E486411C93; dkim=none; dkim-atps=neutral Subject: Re: [matt@openssl.org: [openssl] OpenSSL_1_1_1k create] To: freebsd-questions@freebsd.org References: From: Matthew Seaman Message-ID: <71cce945-dc94-0fdf-eb3f-718bc0cce195@FreeBSD.org> Date: Thu, 25 Mar 2021 15:38:54 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2021 15:38:58 -0000 On 25/03/2021 13:58, The Doctor via freebsd-questions wrote: > Will the FreeBSD kernel need updating from 10 to 14 ? > Given that FreeBSD 10 is well out of support, then yes, if these OpenSSL problems are important for your use case, then you should upgrade. It might be obvious, but "out of support" means "no more security fixes" -- not everyone seems to get that. You don't necessarily have to upgrade all the way to 14 (which isn't even a released version yet) -- there will be fixes for all of the security problems publicised in this OpenSSL release, even if that doesn't go as far as importing OpenSSL 1.1.1k on all branches. Cheers, Matthew