Text only | Text with Images

OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: Goldorak92 on April 22, 2020, 03:56:59 PM

Title: OpenSSL vulnerability
Post by: Goldorak92 on April 22, 2020, 03:56:59 PM
Hi guys,

For information, OpenSSL published a vulnerability paper yesterday:

https://www.openssl.org/news/secadv/20200421.txt (https://www.openssl.org/news/secadv/20200421.txt)

It's impacting our Opnsense20.1.4 which is using OpenSSL 1.1.1f .

Regards,
G.
Title: Re: OpenSSL vulnerability
Post by: Marcel_75 on April 22, 2020, 04:34:30 PM
OpenSSL 1.1.1g will fix this issue as far as I know ...

Is it possible to install this directly, without waiting for a OPNsense 20.1.5 release?
Title: Re: OpenSSL vulnerability
Post by: mimugmail on April 22, 2020, 05:21:30 PM
Just disable TLS 1.3

Dont think that many guys use it already
Title: Re: OpenSSL vulnerability
Post by: franco on April 23, 2020, 08:11:35 AM
There will always be OpenSSL vulnerabilities...

20.1.5 won't include this as it is bad timing as usual. Maybe we can pick this up next week.


Cheers,
Franco
Title: Re: OpenSSL vulnerability
Post by: Goldorak92 on April 23, 2020, 04:56:04 PM
Ok, thanks for your replies Mimugmail and Franco.

Cheers,
G.
Text only | Text with Images