--- Ng Pheng Siong <[email protected]> wrote: > On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote: > > --- Dag-Erling Sm?rgrav <[email protected]> wrote: > > > From the URL you mentioned: "Most applications have no ability to > > > use Kerberos ciphersuites and will therefore be unaffected." > > > > Do you imply that applications with ability to use Kerberos > > ciphersuites are impossible to be implemented for current versions > > of FreeBSD? > > The text before the above quoted "Most applications have no > ability..." > read > > A remote attacker could perform a carefully crafted SSL/TLS > handshake against a server configured to use Kerberos ciphersuites > [...] > > Instead of asking about impossibility in the abstract, ask if you do > run servers that support Kerberos cipthersuites and, if yes, how to > configure your software to not use them. My original question was about specified vulnerability of OpenSSL, not about applicaion that use it. __________________________________ Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam http://mail.yahoo.com _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"