-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 6/5/14, 8:09 AM, Jappe Reuling wrote: > Hi, > > One, my appologies if it's a stupid one, question: the advisory is > for DTLS, hence UDP TLS, right? DTLS should work with SCTP as well but most applications uses DTLS with UDP. Please note that this advisory have 4 issues and 2 of them were DTLS, 2 were TLS. > Normally you would run SSL (TLS a.o.) via TCP. So what would use > DTLS (in the base system) and could be vulnerable? A mailserver > using TLS and linked to the base system's openssl would be using > TCP...? The TLS ones are vulnerable to e.g. CVE-2014-0224 which allows MITM attack. Cheers, -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTkJODAAoJEJW2GBstM+nsMuMP/i9u5iZqW1t3zHJ+GOg+GVF0 64wqViaCtCDad0ibHQw5Mv0otxPN+J4P7QPRRGBs1lzR/yWkjZMcjqCr6qcA8wSs KGFprvoslVU67sP5A/WQGFNPhy4IkxhhpWE/+ELBvt0qkO1J8x6mctgxbHmIg45p U6YHdh2SsY/ph2HgBOcG6lsTE3AY2xSZgCVfbHxzsioX3CoaXjpup/aSQ/mfzRJU WEtEuEyrJMiIs+tolXfaQWiPBMoGuwq8B87JJgcRaHEquMsFPeYejpk4nhYAdUlm BKdrfUbZBryYIQmpIP3yws47qFgdboqwCv7HLpXqbqVwiebx5Ioz1o07ukAAe+H5 99I/8G7DYwLRccdi4blaJZhYksiEYVMagW86DRlC/Vi/i3mQPfNHZhTO88qOgtOZ drQZeQo/3ExhgHWRa2ERToyEGntPZh1rIDAIbYh6ht4LH6VpjIvIfOQgVSHVvJjA ePFUasbC64BSXvnPEVz7awyzLJSb42fJS4vGQ4/DTbmTOP8pHW14WcxTZeA/W2j2 OPkEtlcQt8OOQlyzp05mqq/wcEFNmw8OAX+LdVU+4XwzGVq4vA467LBtHnk/J1kb uqf76t4M/j05Z4UfRV4QpYmmTlFWXa1MzjvVi3i/K0oxjiNyX9bPBkd6MLAo+dfl eX0INg7phQp+cre+Sd4c =28Xl -----END PGP SIGNATURE----- _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"