well, its that time again
Just thought i would post the new USCERT info
https://www.us-cert.gov/ncas/current-activity/2016/01/14/OpenSSH-Client-Vulnerability
https://www.kb.cert.org/vuls/id/456088
------------------------------------------------------------
I believe this is unaffected to this as the protocol sslv2 is disabled and the stunel in the current build is using tls protocol..., but for your information only:
as of marchMarch 1st, another vulnerability in open ssh, the solution is not to use ssl , the tool here has it disabled by default, but there was another vulnerability in ssl v2 that they found:
https://www.openssl.org/news/secadv/20160301.txt
more info form uscert ssl drwon atack confirmed...:
https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack
https://www.kb.cert.org/vuls/id/583776
Just thought i would post the new USCERT info
https://www.us-cert.gov/ncas/current-activity/2016/01/14/OpenSSH-Client-Vulnerability
https://www.kb.cert.org/vuls/id/456088
------------------------------------------------------------
I believe this is unaffected to this as the protocol sslv2 is disabled and the stunel in the current build is using tls protocol..., but for your information only:
as of marchMarch 1st, another vulnerability in open ssh, the solution is not to use ssl , the tool here has it disabled by default, but there was another vulnerability in ssl v2 that they found:
https://www.openssl.org/news/secadv/20160301.txt
more info form uscert ssl drwon atack confirmed...:
https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack
https://www.kb.cert.org/vuls/id/583776