Jump to content

Prepare yourself: more problems with OpenSSL


Recommended Posts

I was using SSL on my site for awhile but all the moving around i do i gave up using it. People come to my site i guess for one main reason to leech and leave.

Link to comment
Share on other sites

Of course, but be aware that any communication you have that doesn't travel the line as plain text has I would say at least a 90% chance of using OpenSSL for the crypto. The question isn't really "is this going to hurt" but "how much is this going to hurt". Our support staff here is on standby, waiting for the announcement so we can quickly move on the appropriate response.

Link to comment
Share on other sites

And the advisory is out: http://openssl.org/news/secadv_20150319.txt
In all, nothing particularly shocking. A few DoS attack options which, while annoying, shouldn't pose that much of a problem anywhere.

Associated CVE's (as they appear in the advisory, so in order of severity):
CVE-2015-0291 NVD
CVE-2015-0204 NVD
CVE-2015-0290 NVD
CVE-2015-0207 NVD
CVE-2015-0286 NVD
CVE-2015-0208 NVD
CVE-2015-0287 NVD
CVE-2015-0289 NVD
CVE-2015-0292 NVD
CVE-2015-0293 NVD
CVE-2015-1787 NVD
CVE-2015-0285 NVD
CVE-2015-0209 NVD
CVE-2015-0288 NVD

What I want to know is how many of these apply to LibreSSL, if any. A number of these sound like things those folks would've ripped out in the early post-fork days.

Edited by Cooper
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...