Announcement

**chuckula** · 16 February 2017, 02:17 PM

I'm sure this hits some people but most are still on OpenSSL 1.02, even many rolling distros like Arch.

**nomadewolf** · 16 February 2017, 02:21 PM

I guess it's time for a new fork...

**Guest** · 16 February 2017, 02:21 PM

I think openssl 1.1 is on Arch Linux's todo list.
I personally think it will need work as it touches curl and hence pacman.

Edit: I wish they would migrate curl and its dependent packages to use nss instead of openssl. Fedora does so already if I understand correctly.

**uid313** · 16 February 2017, 02:35 PM

We need a new modern suite that is written in Rust and only supports TLS 1.3 with no support for TLS 1.0-1.2 or SSL. No support for MD5 or SHA-1, etc. Minimal, robust, secure.

**torsionbar28** · 16 February 2017, 02:46 PM

We need to replace this faulty SSL stuff. I propose hiring a legion of Navajo code talkers.

**devius** · 16 February 2017, 02:59 PM

We need to go back to DOS and serial null-modem connections.

**mlau** · 16 February 2017, 04:18 PM

Originally posted by devius View Post

We need to go back to DOS and serial null-modem connections.

Ah, the good old times..

**Wingfeather** · 16 February 2017, 05:50 PM

Can anyone tell if LibreSSL is/was vulnerable? Although, if this was only introduced with 1.1 then I would guess not...

**kgardas** · 16 February 2017, 06:33 PM

It'll be interesting to see if LibreSSL (by OpenBSD team) or BoringSSL (by Google) will be affected by this issue too.

Announcement

OpenSSL Hit By New High Severity Security Issue

OpenSSL Hit By New High Severity Security Issue

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment