Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
Q - openssl-1.1.1m_2,1 is vulnerable: How to solve
« previous
next »
Print
Pages: [
1
]
Author
Topic: Q - openssl-1.1.1m_2,1 is vulnerable: How to solve (Read 2331 times)
cw-me
Newbie
Posts: 9
Karma: 0
Q - openssl-1.1.1m_2,1 is vulnerable: How to solve
«
on:
March 17, 2022, 11:52:46 pm »
Hello -
After upgrading to opnsense 22.1.3, I got the message that my flavor of SSL was being let go and that I should switch to openSSL instead, I did so. However now I'm getting a security vulnerability warning.
I do my research and see where my version 111m is vulnerable but the fix is in version 111m - how do I update my openssl? I switched to it from my settings tab, I have no idea where else to find it, nor why it doesn't auto-update it's self.....
Thanks for your help,
Logged
cw-me
Newbie
Posts: 9
Karma: 0
Re: Q - openssl-1.1.1m_2,1 is vulnerable: How to solve
«
Reply #1 on:
March 18, 2022, 01:41:58 am »
I have searched for the openssl downloads, but have only found their blog with limited info and nothing on this issue. I thought I might have to learn how to download and install by hand.
I went to my packages and did a reinstall, that did not help as it just reinstalled this vulnerable versions.
I've read the OPNsense documentation about SSL - nothing I can use there.
Anyone out there. . . . .?
Logged
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: Q - openssl-1.1.1m_2,1 is vulnerable: How to solve
«
Reply #2 on:
March 18, 2022, 03:35:04 am »
Check out the release notes for 22.1.3...
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: Q - openssl-1.1.1m_2,1 is vulnerable: How to solve
«
Reply #3 on:
March 18, 2022, 08:14:51 am »
Patience... this one was unfortunate on timing. LibreSSL and OpenSSL and FreeBSD all released a fix on Tuesday, but e.g. OpenSSL port was only updated by FreeBSD ports on Wednesday[1]. Since we use an older LibreSSL version we also had to update the port ourselves.
Now ports and OS changes take a day to build and we decided to release Thursday the builds were finished in the night from Tuesday to Wednesday prior to inclusion of the patches... Stopping the build and redoing it would have put the release on a Friday at best or moving to Monday outright so we usually decide to release as planned and follow up the next week, likely on Tuesday or Wednesday instead.
So to reiterate: it takes about 24 hours to receive builds from the nightly infrastructure and we add 24 hours for release engineering, testing and distributing the new release so in sum it takes 48 hours to do it so you can see the Tuesday as security advisory coordination was just that: unfortunate.
Cheers,
Franco
[1]
https://cgit.freebsd.org/ports/commit/?id=43741377b14
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
Q - openssl-1.1.1m_2,1 is vulnerable: How to solve