[kde-freebsd] PR 210053
Schaich Alonso
alonsoschaich at fastmail.fm
Sun Jun 5 15:22:11 UTC 2016
On Sun, 05 Jun 2016 16:49:20 +0200
Ralf Nolden <nolden at kde.org> wrote:
>
> Hi Alonso,
>
> thanks for the info. On the Qt side (where it appears as a problem in
> QtNetwork) we've now added a patch to only support openssl. The usability of
> libressl and the support for that can be argued about, however, I think we
> should at least write up some advisory on what is used where so people know how
> to treat problems with Qt-related software in case of security advisories.
>
> If the use of libressl instead of openssl can be made optional by an option
> and keep the defaults at openssl, I'm fine with any patch as long as it is up
> to the user to build that with qca. (on Qt, I wouldn't do that on qt5-network
> because it is not officially supported by Qt).
>

libressl is already an option, defaulting on base's openssl. [1]

> Until that is given, I wouldn't use the patch. How is upstream handling the
> use of libressl?
> --
> Kind regards,
>
> Ralf Nolden
>
Hi
Upstream has the same approach that we have for handling SHA-0 [2], and
a different one for SSL3: They don't provide a fallback if there's no
SSLv3 support [3], while the FreeBSD wiki proposes to do SSLv23 [4].
References:
[1] https://wiki.freebsd.org/LibreSSL
[2] https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156
[3] https://quickgit.kde.org/?p=qca.git&a=commit&h=20a587d77636186edb044cd2b71d6d90fe98d232
[4] https://wiki.freebsd.org/LibreSSL/PatchingPorts#SSLv2.2FSSLv3_method_failures
Alonso