From: | Adam Carter <adamcarter3@×××××.com> | ||
---|---|---|---|
To: | "gentoo-user@l.g.o" <gentoo-user@l.g.o> | ||
Subject: | Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds | ||
Date: | Thu, 03 Mar 2016 05:10:35 | ||
Message-Id: | CAC=wYCFp=FjJRsfDPhOZQ8PhoP8DSmnEKCyHEC-GrLoCA6sbSw@mail.gmail.com | ||
In Reply to: | Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds by Rich Freeman |
1 | FYI for anyone concerned about this latest issue "DROWN" - its only a |
2 | problem if SSLv2 is enabled. SSLv2 has been broken for a long time, so |
3 | should be disabled. However, if it is exposed then an attacker can retrieve |
4 | the private key, and in doing so will be able to also decrypt secure TLS |
5 | 1.2+ sessions to any server using that private key. |
6 | |
7 | https://www.openssl.org/news/secadv/20160301.txt |