temporary workaround for most recent openssl remote exploit?

on 31.07.2002 21:22:40 by AdItYa

The FreeBSD Security Advisory FreeBSD-SA-02:33.openssl says:

IV. Workaround

Disabling the SSL2 protocol in server applications should render
server exploits harmless. There is no known workaround for client
applications.

and while I'm upgrading my systems, to limit my window of exposure, if
I restart my Apache servers, with:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL

(change +SSLv2 to -SSLv2) rather than the default:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

will that be sufficient as a workaround?

Thanks,
Adi



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users=PtrqzZoGfuUdnm+yROfE0A@public.gmane.org
Automated List Manager majordomo=PtrqzZoGfuUdnm+yROfE0A@public.gmane.org
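
An added example, not part of the original post and not mod_ssl code: a small audit that reports separately whether a configuration removes the SSLv2 ciphers from `SSLCipherSuite` (the change asked about above) and whether it switches the protocol off with mod_ssl's `SSLProtocol` directive (what the advisory's wording refers to). The function names, the sample configs and the simplified `SSLProtocol` model are assumptions made for the example.

```python
import re

def sslv2_ciphers(spec):
    """Track only the SSLv2 alias through an OpenSSL cipher string.
    Returns 'enabled', 'removed' (by '-'), 'killed' (by '!') or 'maybe'
    (a bare item may have added SSLv2 ciphers without naming them)."""
    state = "absent"
    for item in filter(None, (i.strip() for i in spec.split(":"))):
        op, name = re.fullmatch(r"([!+-]?)(.*)", item).groups()
        if state == "killed" or op == "+":   # '!' is final; '+' only reorders
            continue
        if name == "SSLv2":
            state = {"!": "killed", "-": "removed", "": "enabled"}[op]
        elif op == "" and name == "ALL":
            state = "enabled"
        elif op == "" and state in ("absent", "removed"):
            state = "maybe"
    return state

def sslv2_protocol(args):
    """Simplified SSLProtocol model (assumption: a bare name enables, like '+')."""
    enabled = set()
    for tok in args.split():
        op, name = re.fullmatch(r"([+-]?)(.*)", tok).groups()
        names = {"sslv2", "sslv3", "tlsv1"} if name.lower() == "all" else {name.lower()}
        enabled = enabled - names if op == "-" else enabled | names
    return "sslv2" in enabled

def audit(conf):
    """Return the protocol-level and cipher-level SSLv2 status of a config text."""
    proto, ciphers = "all", None   # assumption: no SSLProtocol line means "all"
    for line in conf.splitlines():
        m = re.match(r"\s*(SSLProtocol|SSLCipherSuite)\s+(.+?)\s*$", line, re.I)
        if m and m.group(1).lower() == "sslprotocol":
            proto = m.group(2)
        elif m:
            ciphers = m.group(2)
    return {"protocol_sslv2": sslv2_protocol(proto),
            "cipher_sslv2": sslv2_ciphers(ciphers) if ciphers else "default"}

# Constructed sample configs: the post's cipher line, and a protocol-level switch.
DEFAULT = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
POST = "SSLCipherSuite " + DEFAULT.replace("+SSLv2", "-SSLv2") + "\n"
PROTO_OFF = "# constructed\nSSLProtocol all -SSLv2\nSSLCipherSuite " + DEFAULT + "\n"

if __name__ == "__main__":
    for label, conf in (("post", POST), ("protocol off", PROTO_OFF)):
        print(label, audit(conf))
```

For the post's line the audit reports the SSLv2 ciphers as removed (only `+` items follow `-SSLv2`, and those reorder without adding) while the protocol setting is still at its default; a `!SSLv2` item would report `killed`, since `!` cannot be undone by later items.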