On 4/10/2014 7:57 PM, postfix-us...@tja-server.de wrote:
Wietse Venema wrote:
OpenSSL versions prior to 1.0.1 don't
have the heartbeat feature and have never been affected by this bug.
ii openssl 0.9.8o-4squeeze14 Secure Socket Layer (SSL) binary and relat
Wietse Venema wrote:
OpenSSL versions prior to 1.0.1 don't
have the heartbeat feature and have never been affected by this bug.
ii openssl 0.9.8o-4squeeze14 Secure Socket Layer (SSL) binary and related crypto
The Heartbleed bug allows a remote attacker to read chunks of memory
from a vulnerable TLS CLIENT PROCESS (e.g., smtp(8)) or TLS SERVER
PROCESS (e.g., smtpd(8)). OpenSSL versions prior to 1.0.1 don't
have the heartbeat feature and have never been affected by this bug.
You can use forward secrecy t
On 10 Apr 2014, at 08:14, lst_ho...@kwsoft.de wrote:
> I still wonder why OpenSSL does not use the memory wipe before free, is it a
> performance killer or a feature?
I imagine the OpenSSL developers didn't think this was necessary when they
first started on the code 10-15 years ago and that in
Quoting Viktor Dukhovni:
On Wed, Apr 09, 2014 at 05:54:33PM -0400, Victoriano Giralt wrote:
I'd like to 'hear' Wietse's and Victor's opinion on how could
this nasty bug affect a TLS service like submission?
In pretty much the same way that it applies to web services.
* SSL/TLS Private
On Wed, Apr 09, 2014 at 11:01:05PM +, Viktor Dukhovni wrote:
> > I'd like to 'hear' Wietse's and Victor's opinion on how could
> > this nasty bug affect a TLS service like submission?
>
> In pretty much the same way that it applies to web services.
Note that the leak can also take place from
On Wed, Apr 9, 2014 at 7:26 PM, Viktor Dukhovni wrote:
> On Wed, Apr 09, 2014 at 07:05:50PM -0400, Ian Evans wrote:
>
> > Thanks for this. Since many touch their email servers far less than their
> > postfix configs, is there a list of files we absolutely have to check for
> > SSL issues?
>
My fi
On Wed, Apr 09, 2014 at 07:05:50PM -0400, Ian Evans wrote:
> Thanks for this. Since many touch their email servers far less than their
> postfix configs, is there a list of files we absolutely have to check for
> SSL issues?
Apply the absolutely most recent patch level of whichever OpenSSL
librar
Thanks! Victor
Very much appreciated.
--
Victoriano Giralt
Sent from mobile
On Wed, Apr 9, 2014 at 7:01 PM, Viktor Dukhovni wrote:
>
> - Upgrade to 1.0.1g ASAP if running 1.0.1--1.0.1f, and/or re-compile
> OpenSSL with -DOPENSSL_NO_HEARTBEATS
>
> - Replace server TLS private keys and certificates.
>
> - Consider asking users to change SASL PLAIN/LOGIN auth passw
On Wed, Apr 09, 2014 at 05:54:33PM -0400, Victoriano Giralt wrote:
> I'd like to 'hear' Wietse's and Victor's opinion on how could
> this nasty bug affect a TLS service like submission?
In pretty much the same way that it applies to web services.
* SSL/TLS Private keys may be compromised.
*
On 09.04.2014 23:54, Victoriano Giralt wrote:
> I'd like to 'hear' Wietse's and Victor's opinion on how could this nasty bug
> affect a TLS service like submission?
>
> I suppose that the answer would very well be that "it depends on the
> availability of exploits", but ...
in doubt *any* s