Welcome! Log In Create A New Profile

OT: OpenSSL 1.0.1f

Forum List Message List New Topic Print View

Jeffrey Walton

January 06, 2014 03:42PM

OpenSSL 1.0.1f was released today. It might be a good time to rebuild
all the versions of nginx using static versions of OpenSSL.

There are three CVE remediations included in the release:
CVE-2013-4353, CVE-2013-6449, CVE-2013-6450.
http://www.openssl.org/news/openssl-1.0.1-notes.html.

It does not look like 1.0.1f changed the default behavior of
ENGINE_rdrand (coderman's been following it).

1.0.1f added hostname and email verification routines so programs no
longer have to do it themselves.

There's also an Apple SecureTransport bug workaround. Apple's
SecrureTransport does not properly negotiate ECDHE-ECDSA cipher
suites. It affects Mac OS X and could affect iOS. It might be prudent
to add SSL_OP_SAFARI_ECDHE_ECDSA_BUG by default.
http://www.mail-archive.com/openssl-dev@openssl.org/msg32629.html.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
OT: OpenSSL 1.0.1f	Jeffrey Walton	January 06, 2014 03:42PM
Re: OT: OpenSSL 1.0.1f	Rob Stradling	January 06, 2014 04:04PM
Re: OT: OpenSSL 1.0.1f	Rob Stradling	January 07, 2014 05:00AM
RE: OT: OpenSSL 1.0.1f	Lukas Tribus	January 06, 2014 05:06PM
Re: OT: OpenSSL 1.0.1f	coderman	January 07, 2014 12:38PM
Re: OT: OpenSSL 1.0.1f	coderman	January 07, 2014 12:42PM
Re: OT: OpenSSL 1.0.1f	itpp2012	January 07, 2014 02:43PM
Re: OT: OpenSSL 1.0.1f	itpp2012	January 08, 2014 05:08AM
Re: OT: OpenSSL 1.0.1f	Aidan Scheller	January 09, 2014 12:18AM
Re: OT: OpenSSL 1.0.1f	itpp2012	January 09, 2014 03:51AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 159

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018