> OpenVPN, when using tls-auth, is not affected, though it's vulnerable in > configurations without TLS auth. > > Password-based services like smtp/s, msa, imap/s, pop/s, https, and xmpp are > all vulnerable. > > I don't know yet about Bacula (using x509) and Cfengine.
Note that client-side apps that rely on OpenSSL are also affected. These aren't as common, as most popular browsers and day-to-day tools use other SSL/TLS libraries, but sometimes it is hard to account for absolutely everything that might be vulnerable. Just try to be sure every OpenSSL installation you have is patched up or otherwise not affected. tim _______________________________________________ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
