OpenSSL TLS Heartbeat Security Issue
staticsafe
me at staticsafe.ca
Tue Apr 8 12:44:25 UTC 2014
On 4/8/2014 08:29, Matheus Weber da Conceição wrote:
> # uname -a && openssl version
> FreeBSD labxyz 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r264140: Mon Apr 7
> 11:21:50 BRT 2014 root at labxyz:/usr/obj/usr/src/sys/LABXYZ amd64
> OpenSSL 1.0.1e-freebsd 11 Feb 2013
>
> Looks like a vulnerable OpenSSL, or the freebsd version was compiled
> without heartbleed support?
>
Yep, vulnerable version. OpenSSL is built with heartbeat by default.
--
staticsafe
More information about the freebsd-questions
mailing list