Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Advisory is a bit unclear (Score 2) 217

After reading the advisory from OpenSSL, I'm still confused by what is vulnerable and what isn't. The flaw requires both the client and server to be vulnerable. If the client is using OpenSSL, they're vulnerable for 0.9.8/1.0.0/1.0.1. But if the server is using OpenSSL, they're only vulnerable if using 1.0.1/1.0.2(beta). Yet the bullet list of recommendations points out that servers should upgrade even if they're using 0.9.8: * OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. Let's say I have a server using 0.9.8 and client using 1.0.0. If I understand their explanation correctly, then this scenario is *not* vulnerable. Is that the same conclusion others would draw from their explanation?

Slashdot Top Deals

You can tune a piano, but you can't tuna fish. You can tune a filesystem, but you can't tuna fish. -- from the tunefs(8) man page

Working...