Follow Slashdot stories on Twitter


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Advisory is a bit unclear (Score 2) 217

After reading the advisory from OpenSSL, I'm still confused by what is vulnerable and what isn't. The flaw requires both the client and server to be vulnerable. If the client is using OpenSSL, they're vulnerable for 0.9.8/1.0.0/1.0.1. But if the server is using OpenSSL, they're only vulnerable if using 1.0.1/1.0.2(beta). Yet the bullet list of recommendations points out that servers should upgrade even if they're using 0.9.8: * OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. Let's say I have a server using 0.9.8 and client using 1.0.0. If I understand their explanation correctly, then this scenario is *not* vulnerable. Is that the same conclusion others would draw from their explanation?

Slashdot Top Deals

"Everything should be made as simple as possible, but not simpler." -- Albert Einstein