Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Openssl && CVE-2022-0778

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 692 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      Luca De Andreis
      last edited by

      hi everyone,

      I use HAProxy as a concentrator and as an element of TLS offloading. Regarding this problem of openssl libraries: CVE-2022-0778 is an update planned before the release of the new version of PfSense?

      Thank you

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Unless you require client certificates for authentication, it wouldn't typically be relevant to that role. When acting as a server the problem scenario would be if a client submits a maliciously crafted bad certificate. If HAProxy isn't configured to allow client certificates, no peer would have an opportunity to feed HAProxy such a bad certificate.

        If you are doing TLS handoff to other TLS servers, then it could maybe get a bad cert from one of them, but if one of your own internal servers is compromised you have a lot more problems than a HAProxy DOS.

        If HAProxy is doing TLS handoff to plain HTTP backends then there is no opportunity for that CVE to come into play that I'm aware of.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        L 1 Reply Last reply Reply Quote 1
        • L
          Luca De Andreis @jimp
          last edited by

          @jimp

          Perfect, very thanks !

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.