[Bug 279891] freebsd-update fetch does not use any TLS which is a security risk

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 279891] freebsd-update fetch does not use any TLS which is a security risk"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 21 Jun 2024 12:18:27 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279891

            Bug ID: 279891
           Summary: freebsd-update fetch does not use any TLS which is a
                    security risk
           Product: Base System
           Version: Unspecified
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: p5B2EA84B3@t-online.de

Fetching system components without any Transport Layer Security must be
considered as an exposure to mitm-risks.

Please be advised that multiple policies in professional environments were
rolled out that require TLS on ANY network connection. 

This means that FreeBSD will fail passing security audits due to that problem
where there is such requirements.

-- 
You are receiving this mail because:
You are the assignee for the bug.