Date: Tue, 08 Apr 2014 19:07:45 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: OpenSSL TLS Heartbeat Security Issue Message-ID: <53443AF1.2070404@FreeBSD.org> In-Reply-To: <20140408172645.58B38165B369@sulu.fritz.box> References: <20140408134425.Horde.azH0NUU2X8TUmV9kVtS2MA2@d2ux.org> <53440667.8060203@qeng-ho.org> <20140408172645.58B38165B369@sulu.fritz.box>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --EQnkqCpE75XaXdO5fb92lVrkPSvXtSdGC Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 08/04/2014 18:26, Michael Grimm wrote: > Does one need to recompile all ports that depend on that openssl port? > Or, would it be sufficient to restart all relevant server processes > after upgrading to 1.0.1_10? You need to install the patched library and restart all the software that uses it for TLS, *and* *then* (depending on degree of paranoia) get all of your SSL certs re-issued against a different private key. Your CA may or may not charge you for doing that. In principle you could have a statically linked copy of nginx or slapd or whatever that would need recompiling, but in practice that would be a pretty bizarre thing to have on a normal server or desktop machine. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --EQnkqCpE75XaXdO5fb92lVrkPSvXtSdGC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ7BAEBCgBmBQJTRDrzXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATyJUP+J0nPksPTxcmtyXNBK67iXk5 4hnvSrdg9P34wIVU4HcKZ/G8ISeLL2Mn6IDaQXBSlklORfLq0Sqb9O4vuHxX4g1J x5ObAl8uEgQTyv/SAmmwYv74AndKTqv56QM852om6D31jYCNbQ/PgSVU64t/e2Km 13azmeFNL2KUSp7tV2iQrLD84cK8vGmExj+Nij+/aUNV6X+atCC1cJ/RGlHwt+pm NKw/UXRdlmt+WMjZhUlAx/DT8n9nKxT2xMpmtcQreqaQ62kQpc9Aa0iB1DU9Ew2i PCLJKB+bpeHG7hpmG+4w6Qxh7ruCryQOAWKRvbjtXGIGLbol8Hz4jq7jhJpaL/OV Ytq6WHqF30MoH0zaz46xQaJcg5Fz7m9fYiT5qn8/+hd4W4dBrUDqy6RxQB0CrmaO gKgLqj1DM/1Jjus1Den3GjpfLMgsnMpkqvdJ5uR07dYUZRotufpLPX3hj4PNgQuP jh6RJ03fxz3IM+6woZZ+nRldU0ZBmN/KQy1rnmcOU5ugAZBSj3zDShwsvd0pXosI 6STNmf6D1QiFr+WbRU505NtOoU+l+vyX1xe/1P+QRn2FAolSj7pbpbQTg21lUCpM NItC7WC9cdwyTx2oWUshWgYHlpwZcZGvs12ne/FGaD5Ke9vgcGnypZLkPlNprfjf IDUqj3oY3IlxU8UP+XU= =ES5k -----END PGP SIGNATURE----- --EQnkqCpE75XaXdO5fb92lVrkPSvXtSdGC--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53443AF1.2070404>