rejetto forum

HFS including SSL tools

SilentPliz · 268 · 220109


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 910
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
US-cert:

NCCIC / US-CERT
National Cyber Awareness System:

FREAK SSL/TLS Vulnerability
03/06/2015 06:19 PM EST

Original release date: March 06, 2015
FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-0204) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers.

Google has released an updated version of its Android OS and Chrome browser for OS X to mitigate the vulnerability. Microsoft has released a Security Advisory that includes a workaround for supported Windows systems.

Users and administrators are encouraged to review Vulnerability Note VU#243585 for more information and apply all necessary mitigations as vendors make them available. Users may visit freakattack.com to help determine whether their browsers are vulnerable. (Note: DHS does not endorse any private sector product or service. The last link is provided for informational purposes only.)
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1298
  • ....... chut ! shh!
    • View Profile
Thank you for the information.

OpenSSL versions before 1.0.1k are vulnerable:

http://www.kb.cert.org/vuls/id/BLUU-9UC2D8

The latest versions I posted online (292) are healthy; the included versions of OpenSSL are more recent.

Apart from that, it is always recommended that users use an updated browser.
« Last Edit: March 10, 2015, 01:23:02 PM by SilentPliz »


Offline SilentPliz

12-03-2015     HFS 2.3d SSL 292f is online.

News:
Stunnel 5.11 final Compiled/running with OpenSSL 1.0.2

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3d SSL #292f  :
http://silentpliz.perso.sfr.fr/hfs/hfs.292f.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3d_SSL_292f-src.zip

« Last Edit: March 20, 2015, 01:27:02 PM by SilentPliz »


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 842
  • Status: On hiatus (sporadically here)
    • View Profile
    • twitter.com/LeoNeeson
Talking about security and vulnerabilities, how about this?:

POODLE - An SSL 3.0 Vulnerability (CVE-2014-3566)

Code:
http://en.wikipedia.org/wiki/POODLE
https://www.us-cert.gov/ncas/alerts/TA14-290A
https://securityblog.redhat.com/2014/10/15/poodle-a-ssl3-vulnerability-cve-2014-3566/
https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack

I'm not on technical details about this (I'm not an expert at all about this!), but I was wondering if "HFS 2.3d SSL 292f" is using SSL v3.0 (which is vulnerable) or TLS (which is not vulnerable) by default?...

According to this vulnerability, we should disable (not necessarily remove) SSL, and use TLS by default. Is that possible?...
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 gets its stable version.


Offline bmartino1

Quote from: LeoNeeson
Talking about security and vulnerabilities, how about this?:

POODLE - An SSL 3.0 Vulnerability (CVE-2014-3566)

According to this vulnerability, we should disable (not necessarily remove) SSL, and use TLS by default. Is that possible?...

Under the stunnel config - manually edit the stunnel config, under options....
That is where you allow/change what protocol...

HFS path..\stunnel\stunnel.conf

Edit with Notepad++ or Notepad.

Look for disabled... SilentPliz has already done this...:
; Disable support for insecure SSLv2 protocol.
options = NO_SSLv2
; Disable support for insecure SSLv3 protocol.
options = NO_SSLv3
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing
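
An added example (not part of the posts above, and not code from HFS or stunnel): a Python check that reads stunnel.conf text and lists the services where NO_SSLv2 or NO_SSLv3 is not in effect, or where sslVersion pins SSLv2/SSLv3. It assumes services inherit settings from the global section and that a leading dash unsets an option, and it counts only what the file states rather than any built-in defaults; the function name and the sample config are constructed for illustration.

```python
REQUIRED = {"NO_SSLv2", "NO_SSLv3"}   # options the posts above say to set
LEGACY = {"SSLv2", "SSLv3"}           # sslVersion values that pin an old protocol
# Constructed sample, not the stunnel.conf shipped with HFS.
SAMPLE = """\
options = NO_SSLv2
options = NO_SSLv3
[https]
accept = 443
connect = 80
[legacy]
accept = 8443
connect = 80
options = -NO_SSLv3
[old-client]
accept = 9443
connect = 80
sslVersion = SSLv3
"""

def audit_stunnel_conf(text):
    """Return {service: [findings]} for services that still allow SSLv2/SSLv3."""
    opts, version, section = {"global": set()}, {"global": None}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            # Assumption: a service starts from the global section's settings.
            opts[section], version[section] = set(opts["global"]), version["global"]
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if key.lower() == "options" and sep:
            if value.startswith("-"):      # "-NAME" switches an option back off
                opts[section].discard(value[1:])
            else:
                opts[section].add(value)
        elif key.lower() == "sslversion" and sep:
            version[section] = value
    report = {}
    for name in [s for s in opts if s != "global"] or ["global"]:
        found = ["missing options = " + o for o in sorted(REQUIRED - opts[name])]
        if version[name] in LEGACY:
            found.append("sslVersion forces " + version[name])
        if found:
            report[name] = found
    return report

print(audit_stunnel_conf(SAMPLE))
```

To check a real install, pass the contents of the stunnel.conf under the HFS folder to `audit_stunnel_conf`; an empty result means every service has both options in effect.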


Offline LeoNeeson

Quote from: bmartino1
look for disabled... Silent Plz has already done this...:
; Disable support for insecure SSLv2 protocol.
options = NO_SSLv2
; Disable support for insecure SSLv3 protocol.
options = NO_SSLv3

Nice find!, I didn't notice it. ;)


Offline bmartino1

Info only!

new open ssl..version "m"?... unknown what version you are using... probably already patched.. but:
---------------
National Cyber Awareness System:

OpenSSL Patches Multiple Vulnerabilities
03/19/2015 12:50 PM EDT

Original release date: March 19, 2015
OpenSSL has released new updates addressing multiple vulnerabilities, one of which is classified as a high severity issue. Exploitation could allow a remote attacker to cause a Denial of Service attack against the server.

Updates available include:

OpenSSL 1.0.2a for 1.0.2 users
OpenSSL 1.0.1m for 1.0.1 users
OpenSSL 1.0.0r for 1.0.0 users
OpenSSL 0.9.8zf for 0.9.8 users
Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

OpenSSL Security Advisory: http://openssl.org/news/secadv_20150319.txt
updates: http://www.openssl.org/news/
« Last Edit: March 19, 2015, 08:29:52 PM by bmartino1 »


Offline SilentPliz

20-03-2015     HFS 2.3d SSL 292g is online.

News:
-  Stable release
Stunnel 5.13 Compiled/running with OpenSSL 1.0.2a

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3d SSL #292g  :
http://silentpliz.perso.sfr.fr/hfs/hfs.292g.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3d_SSL_292g-src.zip
« Last Edit: March 25, 2015, 03:14:20 PM by SilentPliz »


Offline SilentPliz

26-03-2015     HFS 2.3e SSL 293a is online.

News:
-  Stable release
+ upload: multiple file selection
+ search accounts by typing the first letter
* using jquery's CDN instead of google's
- delete not working after archive http://www.rejetto.com/forum/bug-reports/2-3d-(292)-delete-after-archive-repeats-the-archive-download-again/
- getUri problem http://www.rejetto.com/forum/programmers-corner/last-beta-sources/msg1059938/#msg1059938
- a big MD5 file can hang http://www.rejetto.com/forum/bug-reports/hfs-hangs-on-access/

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293a  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293a.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293a-src.zip
« Last Edit: March 26, 2015, 04:07:17 PM by SilentPliz »


Offline SilentPliz

30-03-2015     HFS 2.3e SSL 293a is online.

News:
-  Stable release
Stunnel 5.14 Compiled/running with OpenSSL 1.0.2a-fips

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293a  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293a.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293a-src.zip


Offline SilentPliz

09-04-2015     HFS 2.3e SSL 293b is online.

News:
-  Stable release
Stunnel 5.14 Compiled/running with OpenSSL 1.0.2a-fips

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293b  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293b.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293b-src.zip


Offline SilentPliz

11-04-2015     HFS 2.3e SSL 293c is online.

News:
-  Stable release
-  button on "vfs tab" : explorer.exe

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293c  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293c.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293c-src.zip


Offline SilentPliz

17-04-2015     HFS 2.3e SSL 293d is online.

News:
-  Stable release
Stunnel 5.15 Compiled/running with OpenSSL 1.0.2a-fips

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293d  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293d.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293d-src.zip


Offline SilentPliz

20-04-2015     HFS 2.3e SSL 293e is online.

News:
-  Stable release
Stunnel 5.16 Compiled/running with OpenSSL 1.0.2a-fips

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293e  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293e.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293e-src.zip