FreeBSD-SA-04:05.openssl question
Ng Pheng Siong
ngps at netmemetic.com
Wed Mar 17 18:55:40 PST 2004
On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote:
> --- Dag-Erling Sm?rgrav <des at des.no> wrote:
> > From the URL you mentioned: "Most applications have no ability to use
> > Kerberos ciphersuites and will therefore be unaffected."
>
> Do you imply that applications with ability to use Kerberos
> ciphersuites are impossible to be implemented for current versions of FreeBSD?
The text before the above quoted "Most applications have no ability..."
read
A remote attacker could perform a carefully crafted SSL/TLS handshake
against a server configured to use Kerberos ciphersuites [...]
Instead of asking about impossibility in the abstract, ask if you do run
servers that support Kerberos cipthersuites and, if yes, how to configure
your software to not use them.
Cheers.
--
Ng Pheng Siong <ngps at netmemetic.com>
http://firewall.rulemaker.net -+- Firewall Change Management & Version Control
http://sandbox.rulemaker.net/ngps -+- Open Source Python Crypto & SSL
More information about the freebsd-security
mailing list