OpenSSL vulnerability
Is this enough reason to use OpenSSL version 0.9.7c instead of 0.9.7b for the 2.3.2 final windows installer, or should the release candidate remain unchanged? <http://www.openssl.org/news/secadv_20030930.txt> Thomas
Thomas> Is this enough reason to use OpenSSL version 0.9.7c instead of Thomas> 0.9.7b for the 2.3.2 final windows installer, or should the Thomas> release candidate remain unchanged? Thomas> <http://www.openssl.org/news/secadv_20030930.txt> At this point I'm inclined to let it go. There are many other vulnerable SS[LH targets out there, and you can't wait forever until the OpenSS[LH] folks stop emitting patches. Skip
Thomas Heller wrote Is this enough reason to use OpenSSL version 0.9.7c instead of 0.9.7b for the 2.3.2 final windows installer, or should the release candidate remain unchanged?
I'd say build with the patched libraries, but only if you can test them before then. OTOH, most of the advisory seems to be about server-side problems, and the inbuilt SSL stuff in python is client stuff. go-not-to-australians-for-answers-for-they-will-answer-both-yes-and-no, Anthony -- Anthony Baxter <anthony@interlink.com.au> It's never too late to have a happy childhood.
participants (3)
-
Anthony Baxter -
Skip Montanaro -
Thomas Heller