Date: Wed, 20 May 2015 23:40:46 +0200 From: "Julian H. Stacey" <jhs@berklix.com> To: security@freebsd.org Cc: ports@freebsd.org Subject: LogJam exploit can force TLS down to 512 bytes, does it affect us? ? Message-ID: <201505202140.t4KLekE6081029@fire.js.berklix.net>
next in thread | raw e-mail | index | archive | help
Hi security@freebsd.org (& bcc'd a couple of friends) Refa: http://www.bbc.com/news/technology-32814309 (posted 5 hours before Wed May 20 23:01:22 CEST 2015) http://www.theregister.co.uk/2015/05/20/logjam_impact/ 20 May 2015 at 16:29 Does it affect FreeBSD ? If so, I guess security-officer@ will already be drafting a notification; If not, might it be good PR anyway to put out a brief summary / statement on a mail list or web page ? Latest advisories are old & don't refer to this TLS. http://www.freebsd.org/security/advisories.html is 2015-04-07 http://lists.freebsd.org/pipermail/freebsd-security-notifications/2015-April/date.html 7th April PS Though src/ is traditionaly prime concern, I cc'd ports@ too, re. the 24,064 ported packages in http://www.freebsd.org/ports/ Cheers, Julian -- Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com Indent previous with "> ". Reply Below as a play script. Send plain text, Not quoted-printable, HTML, or base64.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201505202140.t4KLekE6081029>