[Freeswitch-users] major openssl vulnerability.

dwi yulianto dwiyulianto.anto at gmail.com
Mon Apr 14 18:44:28 MSD 2014


we still can use SSL DOS in freeswitch with TLS.

but that only make CPU goes up to 100%


On Tue, Apr 8, 2014 at 5:56 PM, jay binks <jaybinks at gmail.com> wrote:

> This is useful for webservers, possibly for SIP-TLS ... not sure .
>
> http://filippo.io/Heartbleed/
>
> Jay
>
>
> On 8 April 2014 17:46, Daniel Ivanov <sertys at gmail.com> wrote:
>
>> PFS would not by any means protect you by such an implementation failure.
>> And the problem with PFS is the fact that it's wildly believe that the
>> ecliptic curve algorithms behind it are cratfully backdoored.
>>
>>
>> On Tue, Apr 8, 2014 at 12:20 AM, R P Herrold <herrold at owlriver.com>wrote:
>>
>>> On Mon, 7 Apr 2014, Michael Jerris wrote:
>>>
>>> > More information available at  http://heartbleed.com/ .  You should
>>> probably upgrade openssl to at least 1.0.1g and re-generate all keys and
>>> invalidate old keys.
>>>
>>> * nod * looks material.  I mentioned side channel leakage [of
>>> which this is a variant], and the need to move to Perfect
>>> Forward Security in my post last week
>>>
>>> The speculation in the heartbleed site as to CentOS 6 series
>>> PRIOR to the 6.5 updates, seems to be partiall ruled out by:
>>>         https://access.redhat.com/security/cve/CVE-2014-0160
>>>
>>> but the 6.5 update srouces, sadly, adds it, and so we can look
>>> for an openssl update there
>>>
>>> -- Russ herrold
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
>
> --
> Sincerely
>
> Jay
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140414/19e2ae28/attachment.html 


Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list