Contributed by tj on from the logjammin' dept.
Brent Cook (bcook@) has announced the latest LibreSSL releases, which contain fixes for several CVEs:
We have released LibreSSL 2.2.0, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This release is the first from the OpenBSD 5.8 development tree and features mainly on build system improvements and new OS support. We have also released LibreSSL 2.1.7, which contains additional security fixes.
Of special note is the upcoming removal of SSLv3:
Note: This will likely be the last 2.2.x release with support for SSLv3, as it will be removed entirely from the main LibreSSL tree.
(Comments are closed)
By Jorden Verwer (145.131.158.89) on
Comments
By Anonymous Coward (209.181.89.124) on
Does that mean SSLv3 just needs more work to go back in, or does that mean the standard itself is broken and needs to be avoided?
Comments
By Anonymous Coward (80.44.54.27) on
>
> Does that mean SSLv3 just needs more work to go back in, or does that mean the standard itself is broken and needs to be avoided?
SSLv3 as a standard is broken. Weaknesses have been discovered...