Archives
Archives
| From: | Adam Carter <adamcarter3@×××××.com> | ||
|---|---|---|---|
| To: | "gentoo-user@l.g.o" <gentoo-user@l.g.o> | ||
| Subject: | Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds | ||
| Date: | Thu, 03 Mar 2016 05:10:35 | ||
| Message-Id: | CAC=wYCFp=FjJRsfDPhOZQ8PhoP8DSmnEKCyHEC-GrLoCA6sbSw@mail.gmail.com | ||
| In Reply to: | Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds by Rich Freeman |
||
| 1 | FYI for anyone concerned about this latest issue "DROWN" - its only a |
| 2 | problem if SSLv2 is enabled. SSLv2 has been broken for a long time, so |
| 3 | should be disabled. However, if it is exposed then an attacker can retrieve |
| 4 | the private key, and in doing so will be able to also decrypt secure TLS |
| 5 | 1.2+ sessions to any server using that private key. |
| 6 | |
| 7 | https://www.openssl.org/news/secadv/20160301.txt |