Re: [naviserver-devel] I've update to solve SSL/TLS MITM vulnerability

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Dear all,

Cesareo, you are right. For CVE-2014-0224, an upgrade of
openssl + restart of naviserver is sufficient. There is no need to
upgrade naviserver or nsssl.

-gustaf neumann

Am 20.06.14 23:45, schrieb Cesáreo García Rodicio:
> Hi!
>
> I had an F in Qualys SSL Labs due to the most recent openssl bug
> (SSL/TLS MITM vulnerability (CVE-2014-0224):
> https://www.openssl.org/news/secadv_20140605.txt).
>
> So,
>    - I've upgrade openssl (in my box via debian apt-get update and
> apt-get upgrade). Now with OpenSSL 1.0.1e 11 Feb 2013
>    - I've upgrade naviserver (to TIP version). I think nssl module was
> not updated.
>
> And it worked, now I get A+.
>
> I think that it wasn't a naviserver issue but I post it here just to
> keep informed our community.
>
> Thanks
> Cesareo
>

Re: [naviserver-devel] I've update to solve SSL/TLS MITM vulnerability

NaviServer, a high performance web server written in C and Tcl

Re: [naviserver-devel] I've update to solve SSL/TLS MITM vulnerability