On 28 Mar, Pedro Giffuni wrote: > In reply to Don, >> The versions of openssl and curl badly need updating for the same >> reason, and there is one CVE for serf. > > FreeBSD casually keeps some backported updates for the same openssl > version AOO uses: > > https://svnweb.freebsd.org/base/stable/9/crypto/openssl/?view=log > > It should be pretty straightforward to take them from there and use them > into > main/openssl with minor adaptions.
That would fix only part of the problem. The other part of the problem is that the version of openssl that we currently bundle doesn't implement the newer and more secure protocols and ciphers. The older and less secure ones are gradually getting disabled on the server side. For instance, my only copy of Windows is XP, and the last version of IE released for XP can no longer connect to some web sites because they have disabled all of the protocols that IE supports. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
