FreeBSD Security Advisory FreeBSD-SA-14:14.openssl

Xin Li delphij at delphij.net
Thu Jun 5 15:57:56 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 6/5/14, 8:09 AM, Jappe Reuling wrote:
> Hi,
> 
> One, my appologies if it's  a stupid one, question: the advisory is
> for DTLS, hence UDP TLS, right?

DTLS should work with SCTP as well but most applications uses DTLS
with UDP.

Please note that this advisory have 4 issues and 2 of them were DTLS,
2 were TLS.

> Normally you would run SSL (TLS a.o.) via TCP. So what would use
> DTLS (in the base system) and could be vulnerable? A mailserver
> using TLS and linked to the base system's openssl would be using
> TCP...?

The TLS ones are vulnerable to e.g. CVE-2014-0224 which allows MITM
attack.

Cheers,
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTkJODAAoJEJW2GBstM+nsMuMP/i9u5iZqW1t3zHJ+GOg+GVF0
64wqViaCtCDad0ibHQw5Mv0otxPN+J4P7QPRRGBs1lzR/yWkjZMcjqCr6qcA8wSs
KGFprvoslVU67sP5A/WQGFNPhy4IkxhhpWE/+ELBvt0qkO1J8x6mctgxbHmIg45p
U6YHdh2SsY/ph2HgBOcG6lsTE3AY2xSZgCVfbHxzsioX3CoaXjpup/aSQ/mfzRJU
WEtEuEyrJMiIs+tolXfaQWiPBMoGuwq8B87JJgcRaHEquMsFPeYejpk4nhYAdUlm
BKdrfUbZBryYIQmpIP3yws47qFgdboqwCv7HLpXqbqVwiebx5Ioz1o07ukAAe+H5
99I/8G7DYwLRccdi4blaJZhYksiEYVMagW86DRlC/Vi/i3mQPfNHZhTO88qOgtOZ
drQZeQo/3ExhgHWRa2ERToyEGntPZh1rIDAIbYh6ht4LH6VpjIvIfOQgVSHVvJjA
ePFUasbC64BSXvnPEVz7awyzLJSb42fJS4vGQ4/DTbmTOP8pHW14WcxTZeA/W2j2
OPkEtlcQt8OOQlyzp05mqq/wcEFNmw8OAX+LdVU+4XwzGVq4vA467LBtHnk/J1kb
uqf76t4M/j05Z4UfRV4QpYmmTlFWXa1MzjvVi3i/K0oxjiNyX9bPBkd6MLAo+dfl
eX0INg7phQp+cre+Sd4c
=28Xl
-----END PGP SIGNATURE-----


More information about the freebsd-security mailing list