Date: Fri, 21 Jun 2024 12:18:27 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 279891] freebsd-update fetch does not use any TLS which is a security risk Message-ID: <bug-279891-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279891 Bug ID: 279891 Summary: freebsd-update fetch does not use any TLS which is a security risk Product: Base System Version: Unspecified Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: p5B2EA84B3@t-online.de Fetching system components without any Transport Layer Security must be considered as an exposure to mitm-risks. Please be advised that multiple policies in professional environments were rolled out that require TLS on ANY network connection. This means that FreeBSD will fail passing security audits due to that problem where there is such requirements. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-279891-227>