OpenSSL vulnerability
Is this enough reason to use OpenSSL version 0.9.7c instead of 0.9.7b for the 2.3.2 final windows installer, or should the release candidate remain unchanged? http://www.openssl.org/news/secadv_20030930.txt Thomas
Thomas> Is this enough reason to use OpenSSL version 0.9.7c instead of Thomas> 0.9.7b for the 2.3.2 final windows installer, or should the Thomas> release candidate remain unchanged? Thomas> http://www.openssl.org/news/secadv_20030930.txt At this point I'm inclined to let it go. There are many other vulnerable SS[LH targets out there, and you can't wait forever until the OpenSS[LH] folks stop emitting patches. Skip
Thomas Heller wrote Is this enough reason to use OpenSSL version 0.9.7c instead of 0.9.7b for the 2.3.2 final windows installer, or should the release candidate remain unchanged?
I'd say build with the patched libraries, but only if you can test them
before then. OTOH, most of the advisory seems to be about server-side
problems, and the inbuilt SSL stuff in python is client stuff.
go-not-to-australians-for-answers-for-they-will-answer-both-yes-and-no,
Anthony
--
Anthony Baxter
participants (3)
-
Anthony Baxter -
Skip Montanaro -
Thomas Heller