Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-11 Thread Tony Mountifield
In article 1483a20e-66b7-4ecc-8c14-34de4b24b...@gmail.com, Markus Falb wne...@gmail.com wrote: No vulnerability on the server can expose a private client certificate, only a vulnerability on the client can. With malicious server I did not mean one that was affected by heartbleed but a

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-10 Thread David Hrbáč
Dne 9.4.2014 17:27, Johnny Hughes napsal(a): It is only things that actually used SSL in memory (like httpd, imaps, pop3s, etc.), those certificates COULD have been impacted. openssh was not impacted (based on my reading). What about the user credentials sent over this insecure communication

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-10 Thread Johnny Hughes
On 04/10/2014 05:17 AM, David Hrbáč wrote: Dne 9.4.2014 17:27, Johnny Hughes napsal(a): It is only things that actually used SSL in memory (like httpd, imaps, pop3s, etc.), those certificates COULD have been impacted. openssh was not impacted (based on my reading). What about the user

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-10 Thread David Hrbáč
Dne 10.4.2014 14:47, Johnny Hughes napsal(a): Those are the two possible things that could have happened. In the case of CentOS servers, the time period where that could have occurred is from December 1, 2013 (when openssl-1.0.1e-15.el6 was released in

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-10 Thread Stephen Harris
On Thu, Apr 10, 2014 at 03:10:31PM +0200, David Hrbáč wrote: are going to regenerate the user passwords and ssh keys. What more we SSH keys were not compromised by heartbleed (unless you had a management tool that was vulnerable or an alternative ssh daemon that used libssl). Nothing in the

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-10 Thread Markus Falb
On 09.Apr.2014, at 22:12, Peter pe...@pajamian.dhs.org wrote: On 04/10/2014 03:09 AM, Markus Falb wrote: I am assuming that client certificates are handed out to staff. Basically you can't really control where people install client certificates and which client software is used. If one

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-09 Thread Johnny Hughes
On 04/07/2014 08:30 PM, Always Learning wrote: Thank you. What will the temporary packages be called ? Since this is the first post about the openssl update, I want to answer a couple questions here: 1. The first susceptible version of openssl in a CentOS release was

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-09 Thread Markus Falb
On 09.Apr.2014, at 15:54, Johnny Hughes joh...@centos.org wrote: On 04/07/2014 08:30 PM, Always Learning wrote: Thank you. What will the temporary packages be called ? Since this is the first post about the openssl update, I want to answer a couple questions here: 1. The first

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-09 Thread Johnny Hughes
On 04/09/2014 09:09 AM, Markus Falb wrote: On 09.Apr.2014, at 15:54, Johnny Hughes joh...@centos.org wrote: On 04/07/2014 08:30 PM, Always Learning wrote: Thank you. What will the temporary packages be called ? Since this is the first post about the openssl update, I want to answer a

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-09 Thread Paul Heinlein
On Wed, 9 Apr 2014, Johnny Hughes wrote: 1. Besides doing the updates, you should replace any certificates using SSL or TLS that are openssl based. This includes VPN, HTTPD, etc. See http://heartbleed.com/ for more info on impacted keys. The OpenVPN folks note that if your

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-09 Thread Johnny Hughes
On 04/09/2014 09:27 AM, Johnny Hughes wrote: On 04/09/2014 09:09 AM, Markus Falb wrote: On 09.Apr.2014, at 15:54, Johnny Hughes joh...@centos.org wrote: On 04/07/2014 08:30 PM, Always Learning wrote: Thank you. What will the temporary packages be called ? Since this is the first post

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-09 Thread Peter
On 04/10/2014 03:09 AM, Markus Falb wrote: I am assuming that client certificates are handed out to staff. Basically you can't really control where people install client certificates and which client software is used. If one is tricked to do an SSL handshake with a malicious server, the

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-07 Thread Always Learning
Thank you. What will the temporary packages be called ? -- Paul. England, EU. Our systems are exclusively Centos. No Micro$oft Windoze here.

Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-07 Thread Always Learning
On Tue, 2014-04-08 at 03:30 +0100, Always Learning wrote: Thank you. What will the temporary packages be called ? I've answered my own question: openssl* -- Paul. England, EU. Our systems are exclusively Centos. No Micro$oft Windoze here.