OT: OpenSSL 1.0.1f

Jeffrey Walton
January 06, 2014 03:42PM
OpenSSL 1.0.1f was released today. It might be a good time to rebuild
all the versions of nginx using static versions of OpenSSL.

There are three CVE remediations included in the release:
CVE-2013-4353, CVE-2013-6449, CVE-2013-6450.
http://www.openssl.org/news/openssl-1.0.1-notes.html.

It does not look like 1.0.1f changed the default behavior of
ENGINE_rdrand (coderman's been following it).

1.0.1f added hostname and email verification routines so programs no
longer have to do it themselves.

There's also an Apple SecureTransport bug workaround. Apple's
SecureTransport does not properly negotiate ECDHE-ECDSA cipher
suites. It affects Mac OS X and could affect iOS. It might be prudent
to add SSL_OP_SAFARI_ECDHE_ECDSA_BUG by default.
http://www.mail-archive.com/openssl-dev@openssl.org/msg32629.html.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
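
One way to find nginx binaries still built against a pre-1.0.1f OpenSSL, as an added example that is not part of the original post. It assumes an nginx build whose `-V` output includes a `built with OpenSSL` line; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the OpenSSL version reported by `nginx -V`.
# `nginx -V` writes to stderr, so a live check would be:
#   nginx -V 2>&1 | check_nginx_openssl

# Print the version from the "built with OpenSSL ..." line read on stdin.
built_openssl_version() {
    LC_ALL=C sed -n 's/^built with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1
}

# Read `nginx -V` text on stdin and print one of:
#   REBUILD <ver>  1.0.1 series, older than 1.0.1f
#   OK <ver>       1.0.1 series, 1.0.1f or later
#   OTHER <ver>    a different OpenSSL series (not judged here)
#   UNKNOWN        no "built with OpenSSL" line found
check_nginx_openssl() {
    ver=$(built_openssl_version)
    case "$ver" in
        "")                                       echo "UNKNOWN" ;;
        1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e) echo "REBUILD $ver" ;;
        1.0.1[f-z])                               echo "OK $ver" ;;
        *)                                        echo "OTHER $ver" ;;
    esac
}

# Constructed sample of `nginx -V` output (not captured from a real host).
SAMPLE='nginx version: nginx/1.5.8
built with OpenSSL 1.0.1e 11 Feb 2013
TLS SNI support enabled
configure arguments: --with-openssl=../openssl-1.0.1e'

printf '%s\n' "$SAMPLE" | check_nginx_openssl
```

A dynamically linked nginx can run with a different library than it was built with, so this check is most meaningful for the statically linked builds the post refers to.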