While he was at it justdave also fixed the ssl options. https://trac.xiph.org/ticket/1718 This is important as it actually can be security critical if SSL is used.
Do we really need that many?
http://www.google.com/codesearch/p?hl=en#5KTrgOW2hXs/pub/nslu2/sources/vsftpd-2.0.4.tar.gz%7CXknrlk4c3C4/vsftpd-2.0.4/ssl.c&q=SSL_CTX_set_cipher_list

vsftpd seems to only be including "DES-CBC3-SHA"
http://www.google.com/codesearch?q=tunable_ssl_ciphers&exact_package=http://ftp.osuosl.org/pub/nslu2/sources/vsftpd-2.0.4.tar.gz&hl=en

That apart (and I'm not OpenSSL savvy), the patch looks good.

Cheers,
--
Niv Sardi
Hi Niv,

Thanks for your comments. I'm CC'ing the patch author.

On Wed, Aug 04, 2010 at 05:37:44PM +0200, Niv Sardi wrote:
> Do we really need that many?
> http://www.google.com/codesearch/p?hl=en#5KTrgOW2hXs/pub/nslu2/sources/vsftpd-2.0.4.tar.gz%7CXknrlk4c3C4/vsftpd-2.0.4/ssl.c&q=SSL_CTX_set_cipher_list
>
> vsftpd seems to only be including "DES-CBC3-SHA"
> http://www.google.com/codesearch?q=tunable_ssl_ciphers&exact_package=http://ftp.osuosl.org/pub/nslu2/sources/vsftpd-2.0.4.tar.gz&hl=en
>
> That apart (and I'm not OpenSSL savvy), the patch looks good.

I have to admit that I haven't even looked at the patch while forwarding the information, but I'm willing to trust justdave here as he most likely looked at what Mozilla products do and why they do it. ;-)

Cheers

Thomas

PS: List requires subscription to post.