Patches for OpenSSL

Herbert J. Skuhra herbert at gojira.at
Thu Dec 10 12:08:25 UTC 2020


On Thu, Dec 10, 2020 at 06:55:15AM -0500, jerry at seibercom.net wrote:
> I just read "FreeBSD Security Advisory FreeBSD-SA-20:33.openssl". I found the following part of the message quite troubling.
>
> "Note: The OpenSSL project has published publicly available patches for versions included in FreeBSD 12.x.  This vulnerability is also known to affect OpenSSL versions included in FreeBSD 11.4.  However, the OpenSSL project is only giving patches for that version to premium support contract holders.  The FreeBSD project does not have access to these patches and recommends ..."
>
> Exactly why doesn't FreeBSD have access to the above mentioned 'patches'? Is this purely a financial matter? If so, then exactly how much are we talking about here? For one, I would be too interested in knowing the specifics regarding FreeBSD's inability to gain access to these patches.

https://www.openssl.org/news/secadv/20201208.txt

OpenSSL 1.0.2 is out of support and no longer receiving public updates.
Extended support is available for premium support customers:
https://www.openssl.org/support/contracts.html


Premium Level Support

US$50,000 annually

-- 
Herbert


More information about the freebsd-questions mailing list