Welcome! Log In Create A New Profile


OT: OpenSSL 1.0.1f

This forum is currently read only. You can not log in or make any changes. This is a temporary situation.
Jeffrey Walton
January 06, 2014 03:42PM
OpenSSL 1.0.1f was released today. It might be a good time to rebuild
all the versions of nginx using static versions of OpenSSL.

There are three CVE remediations included in the release:
CVE-2013-4353, CVE-2013-6449, CVE-2013-6450.

It does not look like 1.0.1f changed the default behavior of
ENGINE_rdrand (coderman's been following it).

1.0.1f added hostname and email verification routines so programs no
longer have to do it themselves.

There's also an Apple SecureTransport bug workaround. Apple's
SecrureTransport does not properly negotiate ECDHE-ECDSA cipher
suites. It affects Mac OS X and could affect iOS. It might be prudent
to add SSL_OP_SAFARI_ECDHE_ECDSA_BUG by default.

nginx mailing list
Subject Author Posted

OT: OpenSSL 1.0.1f

Jeffrey Walton January 06, 2014 03:42PM

Re: OT: OpenSSL 1.0.1f

Rob Stradling January 06, 2014 04:04PM

Re: OT: OpenSSL 1.0.1f

Rob Stradling January 07, 2014 05:00AM

RE: OT: OpenSSL 1.0.1f

Lukas Tribus January 06, 2014 05:06PM

Re: OT: OpenSSL 1.0.1f

coderman January 07, 2014 12:38PM

Re: OT: OpenSSL 1.0.1f

coderman January 07, 2014 12:42PM

Re: OT: OpenSSL 1.0.1f

itpp2012 January 07, 2014 02:43PM

Re: OT: OpenSSL 1.0.1f

itpp2012 January 08, 2014 05:08AM

Re: OT: OpenSSL 1.0.1f

Aidan Scheller January 09, 2014 12:18AM

Re: OT: OpenSSL 1.0.1f

itpp2012 January 09, 2014 03:51AM

Online Users

Guests: 295
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready