https://www.openssl.org/news/secadv_20150319.txt
OpenSSL critical vulnerabilities! All of it depends on this piece of software, from SSH to Peercoin itself.
If you do any minting (on any platform), please stop now. Until developers release updated versions.
I will get on it ASAP.
The standard on peerunity and ppcoin are openssl v1.0.1g as shown by this commit update:
anyone who builds from source should be able to download latest openssl version and update the files shown here to resolve all problems.
I will see if i can put a pull request together once I have tested the process myself.
Fuzzybear
Apart from the RPC port, which other component of our Peercoin clients establish TLS communications?
OpenSSL is mainly used in Peercoin because of its crypto functions. Nodes do not use SSL/TLS to communicate between each other. If the RPC port is not reachable from the outside world and if the ssl option is not enabled for RPC there is no use of TLS…
Edit:
Unless you have this setup in your configuration file (ppcoin.conf) there is 0 risk to be impacted by these vulnz:
server=1
rpcuser=username
rpcpassword=password
rpcallowip=*
rpcssl=1
No drama boyz :).
This is important, but not as critical as the OpenSSL developers lead (marketed) the World to believe. It’s not Heartbleed, at least at first glance.
No it is not so critical. It is more like a notification “OpenSSL sucks, you should seek alternative”.
It is shame that one of the Internet core software is such a trainwreck.
Still, I ask all responsible to update SSL to latest version. I will move Peerbox to LibreSSL.