<div dir="ltr">if one is using homebrew, the existing OS X openssl lib can be overwritten:<br><br><div>$ openssl version</div><div>OpenSSL 0.9.8y 5 Feb 2013<br><br>$ brew install openssl<br>$ brew link --force openssl<br><br>

open a new terminal (tab)<br><br><div>$ openssl version</div><div>OpenSSL 1.0.1g 7 Apr 2014<br><br>For sure it should be fixed by Apple, but that can take time ...</div></div><div><br></div><div>Cheers</div><div><br></div>

<div>Andy</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 25 April 2014 11:15, Pepi Zawodsky <span dir="ltr"><<a href="mailto:pepi.zawodsky@maclemon.at" target="_blank">pepi.zawodsky@maclemon.at</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><br>
On 25.04.2014, at 04:53, Aaron Zauner <<a href="mailto:azet@azet.org">azet@azet.org</a>> wrote:<br>
> as well as older versions of Mac OS X.<br>
<br>
</div>ALL versions of OS X up to and including the current Mavericks are affected by this.<br>
$ /usr/bin/openssl version<br>
OpenSSL 0.9.8y 5 Feb 2013<br>
<br>
Expanding Ciphersuite B results in:<br>
<br>
$ /usr/bin/openssl ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'<br>


<br>
AES256-SHA:AES128-SHA<br>
<br>
Unexpectedly, DHE ciphers are missing.<br>
<br>
<br>
$ /opt/local/bin/openssl version<br>
OpenSSL 1.0.1g 7 Apr 2014<br>
<br>
$ /opt/local/bin/openssl ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'<br>


<br>
DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA<br>


<br>
Best regards<br>
<span class="HOEnZb"><font color="#888888">Pepi<br>
</font></span><br>_______________________________________________<br>
Ach mailing list<br>
<a href="mailto:Ach@lists.cert.at">Ach@lists.cert.at</a><br>
<a href="http://lists.cert.at/cgi-bin/mailman/listinfo/ach" target="_blank">http://lists.cert.at/cgi-bin/mailman/listinfo/ach</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Andy Wenk<br>Hamburg - Germany<br>RockIt!<br><br><a href="http://www.couchdb-buch.de" target="_blank">http://www.couchdb-buch.de</a><br><a href="http://www.pg-praxisbuch.de" target="_blank">http://www.pg-praxisbuch.de</a><br>

<br><div><div>GPG fingerprint: <span style="color:rgb(0,0,0);white-space:pre-wrap">C044 8322 9E12 1483 4FEC  9452 B65D 6BE3 9ED3 9588</span></div></div><div><span style="color:rgb(0,0,0);white-space:pre-wrap"><br></span></div>

<div><font color="#000000"><span style="white-space:pre-wrap"><a href="https://people.apache.org/keys/committer/andywenk.asc" target="_blank">https://people.apache.org/keys/committer/andywenk.asc</a></span></font><br></div>

</div>
</div>