A new version of OpenSSL (security/openssl) has appeared in the ports tree.
Please note that this new release does not fix the TLS bug which has been discussed in security circles in the past few days; it merely disbles TLS/SSL renegotiation by default.
Read the following analysis and make sure you thoroughly test any application that needs/uses OpenSSL before putting it into production use:
http://isc.sans.org/diary.html?storyid=7543
Note: this only concerns OpenSSL from the ports tree. I do not know how and when OpenSSL in the base system will be upgraded, and with which defaults.
Please note that this new release does not fix the TLS bug which has been discussed in security circles in the past few days; it merely disbles TLS/SSL renegotiation by default.
Read the following analysis and make sure you thoroughly test any application that needs/uses OpenSSL before putting it into production use:
http://isc.sans.org/diary.html?storyid=7543
Note: this only concerns OpenSSL from the ports tree. I do not know how and when OpenSSL in the base system will be upgraded, and with which defaults.