Re: LogJam exploit can force TLS down to 512 bytes, does it affect us? ?

2015-05-21 Thread Royce Williams
On Thu, May 21, 2015 at 6:21 AM, Mark Felder wrote:
>
> On Wed, May 20, 2015, at 17:48, Xin Li wrote:
> >
> > Well, currently OpenSSL does accept weak DH so _arguably_ it does affect
> > FreeBSD, and it's likely to break existing applications if we enforce
> > such restrictions (namely, Java 6).

Re: LogJam exploit can force TLS down to 512 bytes, does it affect us? ?

2015-05-21 Thread Mark Felder
On Wed, May 20, 2015, at 17:48, Xin Li wrote:
>
> Well, currently OpenSSL does accept weak DH so _arguably_ it does affect
> FreeBSD, and it's likely to break existing applications if we enforce
> such restrictions (namely, Java 6).
>
AFAIK, Java doesn't support >1024 DH key until Java 8.

Re: LogJam exploit can force TLS down to 512 bytes, does it affect us? ?

2015-05-21 Thread Matthew Seaman
On 05/20/15 23:48, Xin Li wrote:
> The document at https://weakdh.org/sysadmin.html gives additional
> information for individual daemons, including Apache (mod_ssl), nginx,
> lighttpd, Tomcat, postfix, sendmail, dovecot and HAProxy.
The part of that https://weakdh.org/ site that concerns me most

Re: LogJam exploit can force TLS down to 512 bytes, does it affect us? ?

2015-05-21 Thread Winfried Neessen
Hi,
> The document at https://weakdh.org/sysadmin.html gives additional
> information for individual daemons, including Apache (mod_ssl), nginx,
> lighttpd, Tomcat, postfix, sendmail, dovecot and HAProxy.
>
Unfortunately the documentation does only offer guidance for Apache 2.4. As Apache 2.2 do

Re: LogJam exploit can force TLS down to 512 bytes, does it affect us? ?

2015-05-20 Thread Julian H. Stacey
Xin Li wrote:
> On 05/20/15 14:40, Julian H. Stacey wrote:
> > Hi secur...@freebsd.org
>
> Please note that secur...@freebsd.org = sect...@freebsd.org. Since
> this is posted to ports@ which is public, I'm assuming it's not
> intended to be in private.
Yes, correct, thanks Xin Li, (Sorry I fo

Re: LogJam exploit can force TLS down to 512 bytes, does it affect us? ?

2015-05-20 Thread Xin Li
On 05/20/15 14:40, Julian H. Stacey wrote:
> Hi secur...@freebsd.org
Please note that secur...@freebsd.org = sect...@freebsd.org. Since this is posted to ports@ which is public, I'm assuming it's not intended to be in private.
> (& bcc'd a couple

LogJam exploit can force TLS down to 512 bytes, does it affect us? ?

2015-05-20 Thread Julian H. Stacey
Hi secur...@freebsd.org
(& bcc'd a couple of friends)
Refa:
http://www.bbc.com/news/technology-32814309
(posted 5 hours before Wed May 20 23:01:22 CEST 2015)
http://www.theregister.co.uk/2015/05/20/logjam_impact/
20 May 2015 at 16:29
Does it affect FreeBSD ? If so, I guess securi