Warning about OpenSSL 1.0.2
Alain Péan
alain.pean at lpn.cnrs.fr
Tue Oct 13 11:01:15 CEST 2015
Hi Fajar,
Le 13/10/2015 10:47, Fajar A. Nugraha a écrit :
> The warning Allan posted was about servers that use openssl-1.0.2,
> like debian testing and ubuntu wily (which should be released this
> month). The fix is present in git, and will be present in the next
> 3.0.11 (whenever that is), but there probably won't be any 2.2.10 due
> to EOL policy. In which case the "fix" that admins can use is to
> ensure:
> - NOT use openssl-1.0.2. Not an issue if they already stick to LTS
> release anyway. OR
> - Build their own FR version from git, and later upgrade to 3.0.11
> when that is released.
>
> I agree with Arran here. Admins wishing to use openssl-1.0.2 on their
> server should use the git version or 3.0.11+.
Thanks for your detailed explanations. In fact, I don't want to bother
with recompiling by hand any application that I use, and follow all of
bugs and securty annoucements, and if one is compatible with the other.
It's why I prefer to let this job to distro manager, and update my
distro on a regular basis.
Alain
--
Administrateur Système/Réseau
Laboratoire de Photonique et Nanostructures (LPN/CNRS - UPR20)
Centre de Recherche Alcatel Data IV - Marcoussis
route de Nozay - 91460 Marcoussis
Tel : 01-69-63-61-34
More information about the Freeradius-Users
mailing list