OpenSSL
Niels Dettenbach (Syndicat IT&Internet)
nd at syndicat.com
Mon Apr 7 23:24:16 PDT 2014
On 8. April 2014 05:34:28 MESZ, Ludwig <macports at metaspasm.org> wrote:
>What else do I need to do about the addressed vulnerability besides
>updating
>the port — generate new keys or what?
...as far as i informed about the current security notice / patch in OpenSSH (!) it makes no sense to generate new host or client keys. It could make sense to delete the known_hosts as the sec flaw could make it possible in curcumstances that a new client connects to a DNS faked host when not verifying the host key fingerprint during the host verifying process.
cheerioh,
Niels.
--
Niels Dettenbach
Syndicat IT&Internet
http://www.syndicat.com
More information about the macports-users
mailing list