OpenSSL vulnerability

Started by Goldorak92, April 22, 2020, 03:56:59 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 22, 2020, 03:56:59 PM
Hi guys,

For information, OpenSSL published a vulnerability paper yesterday:

https://www.openssl.org/news/secadv/20200421.txt

It's impacting our Opnsense20.1.4 which is using OpenSSL 1.1.1f .

Regards,
G.
April 22, 2020, 04:34:30 PM #1
OpenSSL 1.1.1g will fix this issue as far as I know ...

Is it possible to install this directly, without waiting for a OPNsense 20.1.5 release?
The fact that we live at the bottom of a deep gravity well, on the surface of a gas covered planet going around a nuclear fireball 90 million miles away and think this to be normal is obviously some indication of how skewed our perspective tends to be. (Douglas Adams)
April 22, 2020, 05:21:30 PM #2
Just disable TLS 1.3

Dont think that many guys use it already
April 23, 2020, 08:11:35 AM #3
There will always be OpenSSL vulnerabilities...

20.1.5 won't include this as it is bad timing as usual. Maybe we can pick this up next week.


Cheers,
Franco
April 23, 2020, 04:56:04 PM #4
Ok, thanks for your replies Mimugmail and Franco.

Cheers,
G.
Print
Go Up Pages1
User actions