View previous topic :: View next topic |
Author |
Message |
Schnulli Guru
Joined: 25 Jun 2010 Posts: 320 Location: Bremen DE
|
Posted: Sat Apr 12, 2014 2:57 pm Post subject: openSSL 0.9.8 clean or not, is a Backport in need? |
|
|
Hi @all
Topic openSSL Heartleak(Backdoor)
is openSSL 0.9.8 clean or not, is a Backport in need?
I investigated that Version 0.9.8 seems to be clean....... should it be usefull to switch back and have it again safely working?
Anyone ideas?
Best regards
SN |
|
Back to top |
|
|
gerdesj l33t
Joined: 29 Sep 2005 Posts: 621 Location: Yeovil, Somerset, UK
|
Posted: Sat Apr 12, 2014 4:17 pm Post subject: Re: openSSL 0.9.8 clean or not, is a Backport in need? |
|
|
0.9.8 is "clean" with regards Heartbleed but will lack additional features and bug fixes that the later versions have. 0.9.8y is the only version in the tree.
1.0.1g is available and has the fix included in it.
All other versions of OpenSSL are either unavailable in Portage or masked.
It's your choice which to use - personally I use 1.0.1g. If you are not running a server then note that Chrome and Firefox use NSS and not OpenSSL so your exposure will be minimal. Email clients on the other hand ...
Cheers
Jon
PS A more specific question may get the answer you are looking for |
|
Back to top |
|
|
Schnulli Guru
Joined: 25 Jun 2010 Posts: 320 Location: Bremen DE
|
Posted: Sat Apr 12, 2014 6:10 pm Post subject: |
|
|
Hi to UK,
naa, dont need a Discussion, just to have it discussed, google and other bots will find it now (sorry) We all know that most Linux (and other Systems) Users cannot use our nice working Gentoo SSL
Regards and a good day from Germany to UK
SN |
|
Back to top |
|
|
|