[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pfsense-discussion
Subject:    Re: [pfSense] freak vulnerable for pfsense
From:       WebDawg <webdawg () gmail ! com>
Date:       2015-03-20 22:39:15
Message-ID: CAKdd5H-J8PTUF1kM8dN07hzNSNPU=4t2gh6_n52bnGfezOaENg () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


On Thu, Mar 19, 2015 at 8:58 AM, Vick Khera <vivek@khera.org> wrote:

> pfsense < 2.2 have a split-brain openssl. so to test the version that
> you're getting with the openvpn service, you need to check the openssl
> linked to it. In this case "/usr/lcoal/bin/openssl version" will tell you
> it is newer.
>
> However, as everyone says, update to newest version of pfSense is your
> best move. Disabling export grade ciphers is also good advice.
>
>
This is most likley the wrong place to ask this but I figure some would
know.  Why are EXPORT ciphers still written into the suite?  I thought the
EXPORT rules were gone?

[Attachment #5 (text/html)]

<div dir="ltr">On Thu, Mar 19, 2015 at 8:58 AM, Vick Khera <span dir="ltr">&lt;<a \
href="mailto:vivek@khera.org" target="_blank">vivek@khera.org</a>&gt;</span> \
wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">pfsense &lt; 2.2 have a split-brain openssl. \
so to test the version that you&#39;re getting with the openvpn service, you need to \
check the openssl linked to it. In this case &quot;/usr/lcoal/bin/openssl \
version&quot; will tell you it is newer.<div><br></div><div>However, as everyone \
says, update to newest version of pfSense is your best move. Disabling export grade \
ciphers is also good advice.</div></div><div \
class="gmail_extra"><br></div></blockquote><div>  <br></div><div>This is most likley \
the wrong place to ask this but I figure some would know.   Why are EXPORT ciphers \
still written into the suite?   I thought the EXPORT rules were \
gone?<br></div></div></div></div>



_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic