vulnerable to this:
https://github.com/PentesterES/Delorean
(tl;dr Man-in-the-Middle)
ntp is not secure. openntpd is a more secure implementation of a
protocol that is not secure by design.
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
://www.ietf.org/mail-archive/web/tls/current/msg12143.html
cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
diff -Naur libressl-2.0.3/include/openssl/tls1.h libressl-2.0.3-1/include/openssl/tls1.h
--- libressl-2.0.3/include/openssl/tls1.h 2014-07-11 18:50:56.0
for their firmware.
They did. The problem is people not updating their firmware.
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
how much api breakage libressl is willing to
accept. However, in the case of egd it was decided against having such
stub functions around.
Patch to remove compression related stub functions attached.
cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
diff -Naur
getentropy_linux.c and wasn't really a function, just a stub of it.
Removing it did the trick for me. Is this the right approach? (see
patch attached)
cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
--- libressl-2.0.0/crypto/compat/getentropy_linux.c 2014-07-11 19:41
On Sat, 12 Jul 2014 10:29:31 +0200
Philip Guenther guent...@gmail.com wrote:
> On Sat, Jul 12, 2014 at 10:20 AM, Hanno Böck ha...@hboeck.de wrote:
> > I had a number of compilation problems with packages when linking to
> > libressl that I could trace back to the appearance of a main symbol
on archs that had no egd.
See attached patch.
What confused me a bit was that openssl returned 0 on RAND_egd when I
gave it a bogus parameter (according to the docs -1 should be the error
value). Maybe this is a bug in openssl.
cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG
calls arc4random
* arc4random is a compat function both in openssh and libressl
* arc4random from openssh uses RAND_bytes
Is there some funny recursion going on here?
cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
On Fri, 11 Jul 2014 18:12:49 -0600
Bob Beck b...@obtuse.com wrote:
> You need a more recent OpenSSH. The old versions of OpenSSH did a
> foolish thing with their portable arc4random, and
> called RAND_BYTES.
> New OpenSSH does not do this.

I use 6.6p1 which is the latest available.
--
Hanno Böck