A server is vulnerable to DROWN if:
- It allows SSLv2 connections. This is surprisingly common, due to misconfiguration and inappropriate default settings. Our measurements show that 17% of HTTPS servers still allow SSLv2 connections.
- Its private key is used on any other server that allows SSLv2 connections, even for another protocol. Many companies reuse the same certificate and key on their web and email servers, for instance. In this case, if the email server supports SSLv2 and the web server does not, an attacker can take advantage of the email server to break TLS connections to the web server. When taking key reuse into account, an additional 16% of HTTPS servers are vulnerable, putting 33% of HTTPS servers at risk.
The same people who complain that the first move of LibreSSL guys was to nuke 50% of useless/obsolite code. I can't believe that OpenBSD put with this crap for such a long time. I can't wait to see GCC, and GNU binutils nuked on OpenBSD even if that means that OpenBSD will be running only on modern architectures: amd64, arm, and mips64. I have personally got rid of all other retro hardware which has also contributed to improvements in my marriage .
It does wonders for your electricity bill too. Got rid of a lot of old stuff some time ago and replaced a couple of power supplies for modern, more efficient, versions. I think it cut my monthly electricity bill in halfI have personally got rid of all other retro hardware which has also contributed to improvements in my marriage .
It is old news long time overdue IMHO. Free should follow suit.It seems like the OpenBSD guys are also completely getting rid of their Linux compatibility layer.
It does wonders for your electricity bill too. Got rid of a lot of old stuff some time ago and replaced a couple of power supplies for modern, more efficient, versions. I think it cut my monthly electricity bill in half
In any case, as protocelt already noted the base has been patched. And I see the security/openssl port has been updated too. It's going to be a busy day today.
It is old news long time overdue IMHO. Fee should follow suit.
It is old news long time overdue IMHO. Free should follow suit.
Unfortunately that is a tough one. Switching a version control system to accommodate OS usually is not an option as I learn to know all too well. There are still few Flash/Java based configuration tools for proprietary network devices which were working under Linux compatibility layer on OpenBSD. That was the last thing holding Linux comp on i386 for a very long time. It is just too much obsolete security ridden kernel code for what is worth.Unfortunately I am one of the very few people who used OpenBSD's Linux compat. I needed it for perforce :/
Perforce has actually bothered to put out a native FreeBSD binary but their OpenBSD one is for version 2.x and no longer works.
I ended up having to look into GitFusion to make a git compatibility layer over the Perforce server. Luckily all the other developers preferred to use Git in the end anyway so I managed to remove Perforce entirely from our work pipeline. So perhaps removing Linux compatibility layers is a great way to remove reliance on closed-source software