Re: FreeBSD-SA-04:05.openssl question
On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote:
> --- Dag-Erling Sm?rgrav <des@des.no> wrote:
> > From the URL you mentioned: "Most applications have no ability to use
> > Kerberos ciphersuites and will therefore be unaffected."
>
> Do you imply that applications with ability to use Kerberos
> ciphersuites are impossible to be implemented for current versions of FreeBSD?
The text before the above quoted "Most applications have no ability..."
read
A remote attacker could perform a carefully crafted SSL/TLS handshake
against a server configured to use Kerberos ciphersuites [...]
Instead of asking about impossibility in the abstract, ask if you do run
servers that support Kerberos cipthersuites and, if yes, how to configure
your software to not use them.
Cheers.
--
Ng Pheng Siong <ngps@netmemetic.com>
http://firewall.rulemaker.net -+- Firewall Change Management & Version Control
http://sandbox.rulemaker.net/ngps -+- Open Source Python Crypto & SSL
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 4 之 7 篇):