½Ã½ºÅÛ°ü¸®ÀÚÀÇ ½°ÅÍ, Ä¿ÇǴнº http://coffeenix.net ½Ã½ºÅÛ°ü¸®ÀÚÀÇ ½°ÅÍ - *NIX, º¸¾È, ³×Æ®¿÷ ¿î¿µ, IT Á¤º¸ ko ƯÁ¤ ¾Èµå·ÎÀ̵å WebView ¹öÀü¿¡¼­ SSL ¹®Á¦ (WebView ¹ö±×) http://coffeenix.net/bbs/viewtopic.php?p=10652#10652


¿¹¸¦ µé¾î ´Ù½Ã Á¤¸®Çغ¸ÀÚ. ´ÙÀ½ ȯ°æ¿¡¼­ ¾îÇà -> https ¿äûÇϸé Transparency ¿¡·¯°¡ ¹ß»ýÇÑ´Ù.

- Ŭ¶óÀ̾ðÆ® : Android WebView 54.0.2840.68 ¶Ç´Â 54.0.2840.85 ¹öÀü
- ¼­¹ö : https ¼­¹ö¿¡ Symantec ÀÎÁõ¼­ ¼³Ä¡

°¶·°½Ã S6(SM-G920), S7(SM-G930), J5(SM-J500), J7(SM-J700), LG G3(LG-F400), ... µî ¿©·¯ Æù¿¡¼­ À¯ÀúÀÇ ¾÷µ¥ÀÌÆ®¿¡ µû¶ó WebView 54.0.2840.85¹öÀüÀ» »ç¿ëÇÑ´Ù. Á¦Á¶»ç´Â WebView 55 ¾÷µ¥ÀÌÆ®¸¦ Á¦°øÇÑ´Ù. ¸ðµç À¯Àú°¡ ¾÷µ¥ÀÌÆ®ÇÏÁö´Â ¾ÊÀ» °ÍÀÌ´Ù. µû¶ó¼­ ƯÁ¤ WebView ¹öÀüÀÏ ¶§´Â ¾îÇÿ¡¼­ Transparency ¿¡·¯°¡ ³ª´õ¶óµµ https ¿äûÇϵµ·Ï ¿¹¿Ü ó¸®ÇÑ´Ù.

Âü°í·Î User agent¿¡´Â Chrome/54.0.2840.85 Çü½ÄÀ¸·Î Ç¥½ÃµÈ´Ù.

ÀÌ ¹ö±×¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ Á¤º¸´Â symantec »çÀÌÆ®¿¡ ³ª¿Í ÀÖ´Ù.

Warning | Certificate Transparency error with Chrome 53
https://knowledge.symantec.com/support/mpki-for-ssl-support/index?page=content&id=ALERT2161&actp=LIST&viewlocale=en_US


--------------- quote --

There is a bug in Chrome version 53 that affects some Symantec, GeoTrust, and Thawte SSL/TLS certificates resulting in an error displaying when visiting affected websites. There are no issues with the certificates used on the affected sites, and replacing these certificates will not help. This is entirely a bug with Certificate Transparency handling that is only present in some versions of Chrome (53 and 54).

--------------- /quote --



--------------- quote --

App users will need to update/download WebView/Chrome 55 from the App Store/PlayStore for the fix.

Downloading WebView/Chrome 54 today will provide a temporary solution.

Build ID 54.0.2840.68 Expires 12/27/2016
Build ID 54.0.2840.85 Expires 1/7/2017

--------------- /quote --
]]> *NIX / IT Á¤º¸ Wed, 11 Jan 2017 14:57:22 +0900 ºê¶ó¿ìÀúº° SHA1 ÅðÃâ ½ÃÁ¡ http://coffeenix.net/bbs/viewtopic.php?p=10621#10621 http://media.daum.net/digital/others/newsview?newsid=20151221111207351

- MS : MSIE, 6°³¿ù ¾Õ´ç°Ü 2016.6~
- ¸ðÁú¶ó : Firefox, ¾Õ´ç°Ü 2016.7.1~
- ±¸±Û : Å©·Ò, 2017.1.1~

±¸±ÛÀº SHA1 ÅðÃâÀ» À§ÇØ 2´Ü°è Á¶Ä¡¸¦ ÃëÇÒ ¿¹Á¤.
1´Ü°è : Å©·Ò48ÀÌ Á¤½Ä ¹èÆ÷µÇ´Â 2016³â 1¿ù ¸»ºÎÅÍ ÇØ´ç ºê¶ó¿ìÀú¿¡¼­´Â »õ·Î ¹ß±ÞµÇ´Â SHA1 ÀÎÁõ¼­¸¦ Â÷´Ü.
2´Ü°è : 2017³â 1¿ù1ÀϺÎÅÍ´Â »õ·Î ¹ß±ÞµÈ SHA1 ÀÎÁõ¼­ ¿Ü¿¡ ±âÁ¸¿¡ ¹ß±ÞµÈ ÀÎÁõ¼­µé¿¡ ´ëÇؼ­µµ ¿ÏÀüÈ÷ Áö¿ø Áß´Ü.

--------------------------------------------

ÀÎÁõ¼­ ¹ß±Þ¾÷ü¸¶´Ù ´Ù¸¦Áö ¸ð¸£Áö¸¸, »õ·Î SSLÀÎÁõ¼­ ¹ß±Þ¹ÞÀ¸¸é SHA2 ÀÎÁõ¼­·Î ¹ß±ÞµÉ °Å¿¡¿ä. º»ÀÎÀÇ ÀÎÁõ¼­°¡ SHA1ÀÎÁö SHA2ÀÎÁö È®ÀÎÇÏ·Á¸é openssl ¸í·ÉÀ¸·Î È®ÀÎÇÒ ¼ö ÀÖ½À´Ï´Ù. °á°ú°ª¿¡ 'Signature Algorithm: sha1WithRSAEncryption'ÀÌ Æ÷ÇԵǸé SHA1ÀÔ´Ï´Ù. sha256WithRSAEncryption ´Â SHA2ÀÔ´Ï´Ù.


--------------- quote --

$ echo ""|openssl s_client -connect <¼­¹ö>:443 |openssl x509 -noout -text

--------------- /quote --


¡Ø Âü°í : openssl·Î ÀÎÁõ¼­ Á¤º¸ »ìÆ캸±â (±Û ÁÁÀºÁøÈ£, 2008.12)]]> *NIX / IT Á¤º¸ Mon, 21 Dec 2015 18:05:42 +0900 ¶Ç ´Ù¸¥ ¹«·á SSL ÀÎÁõ¼­, Let's Encrypt http://coffeenix.net/bbs/viewtopic.php?p=10326#10326 EFF, ¸ðÁú¶ó, ½Ã½ºÄÚ, ¾ÆÄ«¸¶ÀÌ, IdenTrust, ¹Ì½Ã°£´ë µîÀÌ Âü¿©ÇÕ´Ï´Ù.



¸î ³â ÀüºÎÅÍ ¹«·á·Î ¹ß±ÞÇØÁÖ°í ÀÖ´Â StartSSLÀº pay, shop, bank, credit, finance µîÀÌ µµ¸ÞÀο¡ Æ÷ÇÔµÇ¸é ¹ß±ÞÀ» ¾ÈÇØÁá´Âµ¥, ÀÌ SSL ÀÎÁõ¼­´Â Á¦¾àÀÌ
ÀÖ´ÂÁö ¸ð¸£°Ú±º¿ä.
StartSSL°ú Let's Encrypt 2°³ÀÇ ¹«·á ±Þ½Ä¼Ò¿¡¼­ °ñ¶ó¸Ô´Â Àç¹Ì¸¦ ´À³¥ ³¯ÀÌ ¸î´Þ ³²Áö ¾Ê¾Ò½À´Ï´Ù. 9¿ùÀ̸é Á¤½ÄÀ¸·Î »ç¿ëÇÒ ¼ö ÀÖÀ» °Í °°³×¿ä.

First certificate: Week of July 27, 2015
General availability: Week of September 14, 2015

http://thehackernews.com/2015/06/free-ssl-certificate.html
https://letsencrypt.org/

±×¸®°í, ºê¶ó¿ìÀú Áö¿ø °ü·ÃÇؼ­ Let's Encrypt »çÀÌÆ®ÀÇ FAQ¿¡ ´ÙÀ½°ú °°Àº ³»¿ëÀÌ ÀÖ½À´Ï´Ù.


--------------- quote --

Will certificates from Let¡¯s Encrypt be trusted by my browser?
The short answer is ¡°yes¡±.

The long answer is that our issuing intermediates will be cross-signed by a widely trusted IdenTrust root (DST Root CA X3). This will allow our certificates to be trusted while we work on propagating our own root.

--------------- /quote --


Let's EncryptÀÇ intermediate ÀÎÁõ¼­°¡ IdenTrust root ÀÎÁõ¼­(DST Root CA X3)¿¡ ÀÇÇØ cross-signedµÇ¾ú´Ù°í ÀûÈù°É º¸¸é, ¸ðµç ºê¶ó¿ìÀú¿¡¼­ ¹Ù·Î µÈ´Ù´Â Àǹ̰°½À´Ï´Ù. ¿Ö³Ä¸é DST Root CA X3´Â ºê¶ó¿ìÀú¿¡ ±âº»ÀûÀ¸·Î µé¾î°¡ ÀÖÀ¸´Ï±ñ¿ä. (Âü°í·Î ÇöÀç Let's»çÀÌÆ® ÀÎÁõ¼­µµ ÃÖ»óÀ§ root´Â DST Root CA X3)
100% È®½ÇÇÏÁö´Â ¾Ê½À´Ï´Ù. Let's EncryptÀÇ ±ÛÀ» Á¤È®È÷ ÀÌÇØÇÏÁö ¸øÇÑ »óÅ¿¡¼­ ÆÇ´ÜÇѰŶó¼­.]]> *NIX / IT Á¤º¸ Mon, 29 Jun 2015 13:07:18 +0900 FreeBSD¿¡¼­ Leap Second(À±ÃÊ)´Â? ¹®Á¦ ¾ø´Ù. http://coffeenix.net/bbs/viewtopic.php?p=10325#10325 2015³â À±ÃÊ(Leap second) »ðÀÔ °ü·Ã ¼­¹ö Á¡°Ë»çÇ×'(2015.6.22.) ¿¡¼­µµ ¸®´ª½º(Linux)¸¸ ¾ð±ÞÇßÁÒ. ¾ê±â°¡ ¾ø´Â °Ç ¹®Á¦°¡ ¾ø±â ¶§¹®ÀÔ´Ï´Ù.



2012³â À±ÃÊ »ðÀÔ ¶§, Àú´Â FreeBSD¼­¹ö¿¡¼­ ¾Æ¹« °Íµµ ÇÑ °ÍÀÌ ¾ø½À´Ï´Ù.
À±ÃÊ·Î ¹ß»ýÇÏ´Â ¹®Á¦°¡ ¾ø±â ¶§¹®¿¡ ¼­¹ö´Â ´ÜÁö 1ÃÊÀÇ ½Ã°£Â÷¸¸ ¸ÂÃçÁÖ¸é µË´Ï´Ù.
ÀÌ¹Ì ¼­¹öµéÀº ½Ã°£µ¿±âÈ­°¡ ¼ÂÆõǾî Àֱ⠶§¹®¿¡ 1ÃÊ´Â ÀÚµ¿À¸·Î ¸ÂÃçÁý´Ï´Ù. µû·Î ÇÒ °ÍÀÌ ¾ø´Â °ÅÁÒ.


--------------- code --

(1) »óÀ§ NTP ¼­¹öµé(´ç½ÅÀÇ ¼­¹ö ¾Æ´Ô) <-> (2) ³»ºÎ NTP¼­¹ö (´ç½ÅÀÌ °ü¸®ÇÏ´Â ¼­¹ö) <-> (3) ntpdate¸¦ ½ÇÇàÇÏ´Â ´Ù¼öÀÇ ¼­¹öµé

--------------- /code --

À§¿¡¼­ ³ª¿Í °ü·ÃµÈ ¼­¹ö´Â 2¹ø°ú 3¹øÀÔ´Ï´Ù.

(2) ntpd µ¥¸óÀ» µ¹¸®´Â ¼­¹ö´Â ÀÚµ¿À¸·Î »óÀ§ NTP ¼­¹ö·Î ºÎÅÍ À±ÃÊ »ðÀÔÀÌ µÇ¾î ½Ã°£µ¿±âÈ­µË´Ï´Ù.
(3) ³ª¸ÓÁö ¼­¹öµéÀº ³»ºÎ NTP¼­¹ö¸¦ ÅëÇØ ÀÚµ¿ µ¿±âÈ­µË´Ï´Ù. (ntpdate ¸í·É)

FreeBSD¿¡¼­ À±ÃÊ´Â ½Å°æ¾²Áö ¸¶½Ã°í, ÆíÈ÷ ¿î¿µÇϼ¼¿ä.
FreeBSD ¹®¼­¿¡ À±Ãʸ¦ ´Ù·é 'FreeBSD Support for Leap Seconds' ±ÛÀÌ Çϳª Àִµ¥ Âü°í·Î Àо¼¼¿ä.


--------------- quote --

We believe and expect that FreeBSD, if provided correct and stable NTP service, will work as designed during this leap second, as it did during the previous ones.
... »ý·« ...
In practice, leap seconds are usually not a problem on FreeBSD. We hope that this overview helps clarify what to expect and how to make the leap second event proceed more smoothly.

--------------- /quote --
]]> *NIX / IT Á¤º¸ Mon, 29 Jun 2015 13:03:52 +0900 2015.7.1. À±ÃÊ(Leap second) »ðÀÔ °ü·Ã ¼­¹ö Á¡°Ë»çÇ× http://coffeenix.net/bbs/viewtopic.php?p=10319#10319

--------------- code --

2015.06.30 23:59:58
2015.06.30 23:59:59
2015.06.30 23:59:60 <-- À±ÃÊ »ðÀÔ
2015.07.01 00:00:00

--------------- /code --

À§ ½Ã°£Àº UTC±âÁØÀ̹ǷÎ, ¿ì¸® ³ª¶ó ½Ã°£(KST)À¸·Î´Â 08:59:60 -> 09:00:00ÀÔ´Ï´Ù.

¹Ì¸£´Ô 3°¡Áö ÁÖÀÇÁ¡¿¡ ´ëÇØ ±ò²ûÇÏ°Ô Á¤¸®Çß¿ä. The Leap second (2015.6.20.)

1. ¸®´ª½º Ä¿³Î ¹öÀü ÆÐÄ¡
2. NTPµ¥¸óÀº slew ¸ðµå·Î µ¿ÀÛÇÏ°Ô.
3. NTPµ¥¸ó ¾Èµ¹¸®´Â ¼­¹ö´Â tzdate¸¦ tzdata-2015a-1 ÀÌ»óÀ¸·Î ¾÷±×·¹À̵å

¹Ì¸£´Ô ±Û Áß¿¡ ÆÐÄ¡¾ÈµÈ ³·Àº Ä¿³ÎÀ̸é '100% È®·ü·Î Freeze ¶Ç´Â ¸®ºÎÆÃÀÌ ¹ß»ýÇÒ ¼ö ÀÖ´Ù'°í Çß½À´Ï´Ù¸¸, ÀÌ ºÎºÐ¿¡ ´ëÇؼ­´Â Á¦°¡ ¾ËÁö ¸øÇÕ´Ï´Ù. freeze³ª rebootµÉ °¡´É¼ºÀº Àִµ¥ 100%ÀÎÁö´Â ¸ð¸£°Ú¾î¿ä. ¿©·¯ ¹®¼­¿¡¼­ 100%¶ó´Â ±ÛÀ» º»ÀûÀÌ ¾ø°í, ¹ß»ýÇÒ ¼ö ÀÖ´Ù´Â ±Û¸¸ À־.

------------------------------------------------------------------------------------

´öºÐ¿¡ Àúµµ Á» Ãß°¡·Î Á¤¸®Çغ¾´Ï´Ù. ¹Ì¸£´ÔÀÇ ±ÛÀ» Àаí ÀÌ ±ÛÀ» ÀÐ´Â°Ô ³ªÀ»°Ì´Ï´Ù.
°á·ÐÀûÀ¸·Î º¸¸é, ²ÙÁØÈ÷ Ä¿³Î°ú ÆÐÅ°Áö¸¦ ¾÷µ¥ÀÌÆ®ÇßÀ¸¸é Å©°Ô ½Å°æ¾µ °Ç ¾øÀ» °Í °°½À´Ï´Ù.


1. ¹®Á¦°¡ ÇØ°áµÈ Ä¿³ÎÀÌ ¾ðÁ¦ ³ª¿Ô´ÂÁö ã¾ÆºÃ½À´Ï´Ù. (¹öÀüÀº ¹Ì¸£´Ô ±Û¿¡¼­)


--------------- code --

RHEL 6 : 2.6.32-279.5.2, 2012.8.
RHEL 5 : 2.6.18-164, 2009.9.
RHEL 4 : 2.6.9-89, 2009.5.

--------------- /code --


¿À·¡µÆÁÒ? ²ÙÁØÈ÷ ¾÷µ¥ÀÌÆ®Çß´Ù¸é Ä¿³Î ¹®Á¦´Â ¾ø½À´Ï´Ù.
RHEL, CentOS¸¦ Á¦¿ÜÇÑ ´Ù¸¥ ¸®´ª½º ¹èÆ÷ÆÇÀº Á÷Á¢ È®ÀÎÇغ¸¼¼¿ä.

¡Ø Ä¿³Î ¹öÀü¿¡ ´ëÇؼ­´Â Ãß°¡·Î È®ÀÎÇغ¸°í Àû½À´Ï´Ù. (2015.6.23.(È­) AM 11½Ã Ãß°¡)

--------------- quote --

'Resolve Leap Second Issues in Red Hat Enterprise Linux'À» Åä´ë·Î ÀϺΠ´õ ã¾Æº¸°í.

1) RHEL 7 : Ä¿³Î ¹öÀü ¹®Á¦ ¾øÀ½

2) RHEL 6 : ƯÁ¤ Ä¿³Î ¹öÀüÀÌÇÏ¿¡¼­ hang¹ß»ýÇÒ ¼ö
kernel-2.6.32-279.5.2, 2012.8.
840950 - livelock in leapsecond insertion [rhel-6.3.z] ( https://rhn.redhat.com/errata/RHBA-2012-1199.html )
À±ÃÊ »ðÀÔ ÈÄ CPU½Ã°£À» 100% ¼Ò¸ðÇÒ ¼ö ÀÖ´Â ¹ö±× ¼öÁ¤

RHEL 6Àº ÀÌÈÄ¿¡ ³ª¿Â ¹öÀüÁß À±ÃÊ°ü·ÃµÈ°Ô Çϳª ´õ ÀÖ±º¿ä.
kernel-2.6.32-358, 2013.2.
836803 - RHEL6: Potential fix for leapsecond caused futex related load spikes ( https://rhn.redhat.com/errata/RHSA-2013-0496.html )
À±Ãʸ¦ À§ÇÑ futex °ü·ÃÇÏ¿© load spike¸¦ ¹ß»ýÇÒ ¼ö ÀÖ´Â ÀáÀçÀûÀÎ ¹ö±× ¼öÁ¤. º¸´Ù ¾ÈÁ¤ÀûÀ¸·Î °¡·Á¸é kernel-2.6.32-358 ÀÌ»óÀ̾î¾ß ÇÒ µí.

3) RHEL 5 : ƯÁ¤ Ä¿³Î ¹öÀüÀÌÇÏ¿¡¼­ crashµÉ ¼ö
kernel-2.6.18-164 ÀÌÀü ¹öÀü ¹®Á¦.
479765 - Leap second message can hang the kernel ( https://rhn.redhat.com/errata/RHSA-2009-1243.html )
hang ¹ß»ýµÉ ¼ö ÀÖ´Â ¹ö±× ¼öÁ¤

4) RHEL 4 : ƯÁ¤ Ä¿³Î ¹öÀüÀÌÇÏ¿¡¼­ crashµÉ ¼ö
kernel-2.6.9-89 ÀÌÀü ¹öÀü ¹®Á¦.
https://access.redhat.com/solutions/1325313

--------------- /quote --



2. NTP µ¥¸óÀÇ slew ¸ðµå

½Ã½ºÅÛ ±Ô¸ð°¡ Á¶±ÝµÇ¸é NTP¼­¹ö ¿î¿µÇϽÇÅÙµ¥, NTP¼­¹ö´Â ½Ã°£º¸Á¤ÇÏ´Â ¹æ¹ýÀÌ step ¸ðµå¿Í slew ¸ðµå 2°¡Áö°¡ ÀÖ½À´Ï´Ù.

- step ¸ðµå´Â Áï½Ã ½Ã°£À» º¸Á¤ÇÕ´Ï´Ù.
- slew ¸ðµå´Â ¾ÆÁÖ ¾ÆÁÖ ÃµÃµÈ÷ ½Ã°£À» º¸Á¤ÇÕ´Ï´Ù. 1ÃÊ´ç 0.5ms·Î º¸Á¤ÇØÁÝ´Ï´Ù.
±×·¯´Ï±ñ 1Ãʶó´Â ½Ã°£À» º¸Á¤Çϴµ¥ 2000ÃÊ(1000/0.5 = 2000)¶ó´Â ½Ã°£À» ³ª´²¼­ ¾ÆÁÖ Á¶±Ý¾¿ º¸Á¤ÇØÁִ°ÅÁÒ.
½Ã°£¿¡ ¹Î°¨ÇÑ °æ¿ì ÀÌ·¸°Ô ÇÏ´Â°Ô ÁÁ½À´Ï´Ù.

°³ÀÎÀûÀ¸·Î º¸±â¿£ ¹Î°¨¼ºÀÌ Áß¿äÇÏÁö ¾Ê´Â °÷¿¡¼­´Â step¸ðµå(¿É¼Ç¾ø´Ù¸é default)·Î Çصµ »ó°ü¾øÀ» °Í °°½À´Ï´Ù. À¥¼­ºñ½º¸¦ ÁÖ·ÎÇÏ´Â °÷¿¡¼­ ¼­¹ö°¡ 1ÃÊ º¯°æµÇ´Âµ¥ ¹Î°¨ÇÒ Á¤µµ°¡ ¾Æ´Ï´Ï±ñ¿ä. ntpdate¸¦ ½ÇÇàÇϴ Ŭ¶óÀ̾ðÆ®¿¡¼­µµ ÀÚü NTP¼­¹ö¿Í ¸îºÐ°£°ÝÀ¸·Î µ¿±âÈ­½ÃÅ°´Â °æ¿ì´Â µå¹°Àݾƿä? ¸î½ÊºÐ¿¡¼­ ¸î½Ã°£°£°ÝÀ¸·Î °¡Á®¿ÃÅ×´Ï, ±×¸¸Å­ ½Ã°£ ¹Î°¨µµ´Â ³·´Ù´Â ÀǹÌÁÒ.

º»ÀεéÀÌ ¿î¿µÇÏ´Â ¼­ºñ½º Ư¼ºÀ» Àß ÆÇ´ÜÇؼ­ step¸ðµå·Î ³öµÑÁö slew¸ðµå·Î º¯°æÇÒÁö °í¹ÎÇÏ¸é µÉ °Í °°½À´Ï´Ù.
NTP¼­¹öÀÇ slew¸ðµå·Î º¯°æÀº ¹Ì¸£´ÔÀÌ ÀÛ¼ºÇϽŠ±Ûó·³ ntdpµ¥¸ó¿¡ -x ¿É¼ÇÀ» Ãß°¡Çؼ­ ½ÇÇàÇÏ¸é µË´Ï´Ù.

Ȥ½Ã³ª ½Í¾î ´Ù½Ã ¾ê±âÇϴµ¥, step, slew¸ðµå ¼³Á¤Àº ntpd µ¥¸óÀÌ µ¹¾Æ°¡´Â ¼­¹ö¿¡ ´ëÇÑ °ÍÀÔ´Ï´Ù. ntpdate¸¦ ½ÇÇàÇÏ´Â ´Ù¼öÀÇ ¼­¹ö¸¦ ¸»ÇÏ´Â°Ô ¾Æ´Õ´Ï´Ù. ¾Æ·¡¿¡¼­ 2¹ø ¼­¹ö¿¡¸¸ ÇØ´çµË´Ï´Ù.

--------------- code --

(1) ¿ÜºÎ °ø½Ä NTP ¼­¹öµé(´ç½ÅÀÇ ¼­¹ö ¾Æ´Ô) <-> (2) ³»ºÎ NTP¼­¹ö (´ç½ÅÀÌ °ü¸®ÇÏ´Â ¼­¹ö) <-> (3) ntpdate¸¦ ½ÇÇàÇÏ´Â ´Ù¼öÀÇ ¼­¹öµé
--------------- /code --



3. ÃÖ±Ù¿¡ À±ÃÊ°¡ ¾ðÁ¦ ¹ß»ýÇß´ÂÁö ã¾ÆºÃ´õ´Ï °ÅÀÇ 2006³â ºÎÅÍ´Â °ÅÀÇ 3³â¸¶´Ù Çѹø¾¿ ÀÖ¾ú³×¿ä.
±× ÀÌÀü¿¡´Â ´õ ÀÚÁÖ ÀÖ¾ú±¸¿ä. 2012³â¿¡ ¹®Á¦°¡ ¹ß»ýÇß´Ù¸é ±× ¶§ ¹¹°¡ ¹®Á¦¿´´ÂÁö Àß ±â¾ïÇϽðí Á¶Ä¡¸¦ ÃëÇϼ¼¿ä.


--------------- code --

2006.1.1.
2009.1.1.
2012.7.1.
2015.7.1.

--------------- /code --



4. tzdata°¡ À̹ø À±ÃʱîÁö Æ÷ÇÔµÈ °æ¿ì ´ÙÀ½°ú °°ÀÌ ³ª¿Â´Ù.


--------------- quote --

$ zdump -v right/Asia/Seoul
... »ý·« ...
right/Asia/Seoul Tue Jun 30 23:59:60 2015 UTC = Wed Jul 1 08:59:60 2015 KST isdst=0 gmtoff=32400
right/Asia/Seoul Wed Jul 1 00:00:00 2015 UTC = Wed Jul 1 09:00:00 2015 KST isdst=0 gmtoff=32400
... »ý·« ...

--------------- /quote --

¡Ø KDT¶ó°í ÀûÈù °ÍÀº ½æ¸ÓŸÀÓ Àû¿ëÀÌ´Ù. KST -> KDT´Â ½æ¸ÓŸÀÓ ½ÃÀÛ, KDT -> KST´Â ½æ¸ÓŸÀÓ Á¾·á]]> *NIX / IT Á¤º¸ Mon, 22 Jun 2015 17:58:58 +0900 OpenSSL Ãë¾àÁ¡ Á¤¸®, Logjam(·Î±×Àë)¿¡¼­ Heartbleed±îÁö http://coffeenix.net/bbs/viewtopic.php?p=10318#10318 ±×·¡¼­ Heartbleed Ãë¾àÁ¡, POODLE Ãë¾àÁ¡, FREAK Ãë¾àÁ¡ ¾ó¸¶Àü¿¡ ³ª¿Â Logjam Ãë¾àÁ¡±îÁö °£´ÜÈ÷ Á¤¸®ÇغýÀ´Ï´Ù.
Ãë¾àÁ¡ ¿©ºÎ¸¦ üũÇÒ ¼ö ÀÖ´Â ¹æ¹ýÀ» º°µµ·Î Àû¾ú½À´Ï´Ù.



1. OpenSSL Logjam Ãë¾àÁ¡ (2015.5.)


TLSÇÁ·ÎÅäÄÝÀÇ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ Àӽà Diffie-Hellman Å° ±³È¯(Diffie-Hellman key exchange)À» »ç¿ëÇÏ¿© TLS¿¬°áÀ» 512ºñÆ® ¼öÃâµî±Þ ¾Ïȣȭ·Î ´Ù¿î±×·¹À̵åÇÒ ¼ö ÀÖ´Ù.

OpenSSL 1.0.2 : ÆÐÄ¡µÈ ¹öÀü 1.0.2bÀÌ»ó
OpenSSL 1.0.1 : ÆÐÄ¡µÈ ¹öÀü 1.0.1nÀÌ»ó

OpenSSL 1.0.1°ú 1.0.2´ëÀÇ ¹öÀüº° ÇØ°áÃ¥À» º¸¸é.
- 1.0.1°ú 1.0.2 : DH ÆĶó¹ÌÅÍ°¡ 768ºñÆ®º¸´Ù ª´Ù¸é handshake¸¦ °ÅºÎÇϵµ·Ï TLSŬ¶óÀ̾ðÆ®¿¡ ´ëÇÑ º¸È£ ±â´ÉÀ» Ãß°¡Çß´Ù.
- 1.0.2bÀÌ»ó, 1.0.1nÀÌ»ó : À§ Á¦ÇÑÀ» 1024ºñÆ®±îÁö Áõ°¡Çß´Ù.
- 1.0.1mÀÌ»ó, 1.0.2aÀÌ»ó : EXPORT cipher suite(Áï, ¼öÃâµî±Þ ¾ÏÈ£)¸¦ ±âº»ÀûÀ¸·Î disableÇß´Ù.


--------------- quote --

1) Ãë¾àÁ¡ ¿©ºÎ È®ÀÎÇϱâ
¹Ýµå½Ã openssl 1.0.2 client¸¦ »ç¿ëÇØ¾ß Server Temp Key: °ªÀ» º¼ ¼ö ÀÖ´Ù. Server Temp Key: °ªÀÌ 1024ºñÆ®°Å³ª ÀÌÇÏÀ̸é 2048ºñÆ® DH parameter¸¦ »ý¼ºÇÑ´Ù. (1024ºñÆ®°¡ ¹Ýµå½Ã Ãë¾àÇÏ´Ù´Â °ÍÀº ¾Æ´Ï°í, ¹Ý´ë·Î ¾ÈÀüÇÑ °Íµµ ¾Æ´Ï´Ù. ¿À´Ã³¯ °°ÀÌ PC ¿¬»ê±â´ÉÀÌ ÁÁÀº °æ¿ì 1024ºñÆ® ¾ÏÈ£¸¦ ºü¸¥ ½Ã°£³»¿¡ Ç® ¼ö ÀÖ´Ù´Â °ÍÀÓ. ±×·¡¼­ 2048ºñÆ®¸¦ ±ÇÀå)

$ openssl s_client -connect ¼­¹ö:433 - cipher EDH

2) apache ¼³Á¤
$ openssl dhparam -out dhparam.pem 2048

»ý¼ºµÈ DH parameter¸¦ SSLCertificateFile ¿¡ ÀûÈù ÆÄÀÏ ¸ÇµÚ¿¡ ºÙÀδÙ.
cat dhparam.pem >> /path/to/sslcertfile

±×·±µ¥, apache 2.4.7ÀÌÀü ¹öÀüÀº DH parameter°¡ Ç×»ó 1024ºñÆ®·Î ¼ÂÆõǾî ÀÖ°í, »ç¿ëÀÚ°¡ À̸¦ ¹Ù²Ü ¼ö ¾ø´Ù.
RHEL 6(CentOS 6)ÀÇ apache 2.2¹öÀüÀº 2.4.7°ÍÀ» ¹éÆ÷ÆÃÇؼ­ ¼ÂÆÃÀÌ °¡´ÉÇÏ´Ù.

3) nginx ¼³Á¤
$ openssl dhparam -out dhparam.pem 2048

nginx.conf¿¡ ´ÙÀ½ Ãß°¡
ssl_dhparam /path/to/dhparam.pem;

--------------- /quote --


ÀÚ¼¼ÇÑ Á¤º¸´Â ´ÙÀ½ ±ÛÀ».
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
http://www.openssl.org/news/secadv_20150611.txt
https://access.redhat.com/ko/articles/1480443 (ÇѱÛ)

À¥¼­¹ö ¼³Á¤°ú °ü·Ã¿¡¼­´Â Guide to Deploying Diffie-Hellman for TLS ( https://weakdh.org/sysadmin.html )±ÛÀÌ °¡Àå Á¤¸®°¡ Àß µÈ °Í °°´Ù.


2. OpenSSL FREAK Ãë¾àÁ¡ (2015.3.)

°ú°Å ¹Ì±¹Àº ¾Ïȣȭ ±â¼ú¿¡ ´ëÇØ ÇØ¿Ü ¼öÃâÀ» Á¦ÇÑÇß´Ù. ±×·¡¼­ ÇØ¿Ü¿¡ ¾Ïȣȭ ±â¼úÀ» ¼öÃâÇÏ·Á¸é ³·Àº ¼öÁØÀÎ 512ºñÆ® ¾Ïȣȭ(RSA EXPORT)¸¸ »ç¿ëÇÒ ¼ö ÀÖ¾ú´Ù. ÀÌÈÄ 2000³â¿¡ ¹Ì±¹Àº ÀÌ ¼öÃâÁ¦ÇÑÀ» ¾ø¾Ý´Ù.

ÇöÀç´Â 2048ºñÆ® ÀÌ»óÀÇ ¾Ïȣȭ Å°¸¦ ¸¹ÀÌ »ç¿ëÇÑ´Ù. ±×·±µ¥, ¼öÃâÁ¦ÇÑÀÌ ¾ø¾îÁøÁö 10¿©³âÀÌ Áö³µ´Âµ¥µµ OpenSSL¿¡ ¼öÃâµî±Þ ¾Ïȣȭ ±â´ÉÀÌ ±×´ë·Î ³²¾ÆÀÖ¾ú´Ù. FREAK(Factoring attack on RSA-EXPORT Keys)¶ó°í ºÒ¸®´Â Ãë¾àÁ¡Àº °ø°ÝÀÚ°¡ 512ºñÆ®ÀÇ ³·Àº ¼öÁØÀÇ ¼öÃâµî±Þ ¾ÏÈ£¸¦ ¿äûÇÒ ¼ö°¡ ÀÖ´Ù.

OpenSSL 1.0.1 : ÆÐÄ¡µÈ ¹öÀü 1.0.1k
OpenSSL 1.0.0 : ÆÐÄ¡µÈ ¹öÀü 1.0.0p
OpenSSL 0.9.8 : ÆÐÄ¡µÈ ¹öÀü 0.9.8zd


--------------- quote --

1) Ãë¾àÁ¡ ¿©ºÎ È®ÀÎÇϱâ
$ openssl s_client -connect ¼­¹ö:433 - cipher EXPORT

2) apache ¼³Á¤ : SSLCipherSuite ¿¡ !EXP ¶Ç´Â !EXPORT¸¦ Ãß°¡ÇÑ´Ù.
(¿¹) SSLCipherSuite HIGH:!aNULL:!MD5:!EXP

3) nginx ¼³Á¤ : !EXPORT¸¦ Ãß°¡ÇÑ´Ù.
(¿¹) ssl_ciphers HIGH:!aNULL:!MD5:!EXPORT;

--------------- /quote --



3. OpenSSL POODLE Ãë¾àÁ¡ (SSLv3 Ãë¾àÁ¡, 2014.10.)

POODLE(Padding Oracle On Downgraded Legacy Encryption)À̶ó°í ºÒ¸®´Â Ãë¾àÁ¡Àº SSL 3.0 ¹öÀü¿¡ Á¸ÀçÇÏ´Â Ãë¾àÁ¡ÀÌ´Ù. °ø°ÝÀÚ°¡ Æеù ¿À¶óŬ °ø°Ý(ÀÌ°Ô ¹ºÁö ¸ð¸§)À» ÇÏ¿© ¾Ïȣȭ Åë½ÅÀ» Çص¶ÇÒ ¼ö ÀÖ´Ù.

Poodle Ãë¾àÁ¡Àº ÇÁ·ÎÅäÄÝ ÀÚü °áÇÔÀÌ ¾Æ´Ï¶ó ±¸Çö»óÀÇ ¹®Á¦¿©¼­ ÆÐÄ¡°¡ ¾Æ´Ñ ¼³Á¤ º¯°æÀ¸·Î ÇØ°áÇÑ´Ù. SSL v3¸¸ ÇØ´çµÇ°í TLSÀº Ãë¾àÇÏÁö ¾Ê´Ù. µû¶ó¼­ SSL v3¸¦ »ç¿ëÇÏÁö ¾Êµµ·Ï ¼³Á¤ÇØÁÖ¸é µÈ´Ù.


--------------- quote --

1) Ãë¾àÁ¡ ¿©ºÎ È®ÀÎÇϱâ
$ openssl s_client -connect ¼­¹ö:443 -ssl2 (-ssl2 ¿É¼ÇÀº Áö¿øÇÏÁö ¾ÊÀ» ¼ö ÀÖÀ½)
$ openssl s_client -connect ¼­¹ö:443 -ssl3

2) apache ¼³Á¤ : SSLProtocol¿¡¼­ -SSLv3¸¦ Ãß°¡ÇÑ´Ù.
(¿¹) SSLProtocol all -SSLv2 -SSLv3

3) nginx ¼³Á¤ : TLS¸¸ Çã¿ë
(¿¹) ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

--------------- /quote --


ÀÚ¼¼ÇÑ Á¤º¸´Â ´ÙÀ½ ±ÛÀ».
https://access.redhat.com/ko/node/1256013 (ÇѱÛ)


4. OpenSSL Heartbleed Ãë¾àÁ¡ (2014.4.)

OpenSSL 1.0.1¹öÀü¿¡ TLS heartbeat Ãë¾àÁ¡(Àϸí Heartbleed Bug¶ó°í ºÎ¸§. CVE-2014-0160, openssl: information disclosure in handling of TLS heartbeat extension packets)ÀÌ ÀÖ´Ù. °ø°ÝÀÚ°¡ https¼­¹öÀÇ ¸Þ¸ð¸® 64KB µ¥ÀÌÅ͸¦ º¼ ¼ö ÀÖ´Ù. ¸Þ¸ð¸®¿¡´Â https¼­¹ö¿Í À¯Àú°£¿¡ ÁÖ°í ¹ÞÀº µ¥ÀÌÅ͵é(ID/PW, ... µîÀÇ Á¤º¸)ÀÌ Àִµ¥, °ø°ÝÀÚ´Â plain textÇüÅ·Πº¼ ¼ö ÀÖ´Ù. ±×¸®°í,SSL °³ÀÎÅ°¸¦ ¾òÀ» ¼ö.

ÀÚ¼¼ÇÑ Á¤º¸´Â ´ÙÀ½ ±ÛÀ».
http://coffeenix.net/bbs/viewtopic.php?t=8239


------------------------------------------------------------------------------------------------------------
5. openssl ¸í·ÉÀ¸·Î °£´ÜÈ÷ Ãë¾àÁ¡ ¿©ºÎ üũ

¡Ø Âü°í : openssl·Î ÀÎÁõ¼­ Á¤º¸ »ìÆ캸±â (2008.12.)

1-1) SSLv3°¡ Çã¿ëµÈ °æ¿ì


--------------- code --

$ openssl s_client -connect ¼­¹ö:443 -ssl3
CONNECTED(00000003)
depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
...»ý·«...
SSL-Session:
Protocol : SSLv3
Cipher : DHE-RSA-AES256-SHA <-- SSLv3 Áö¿øÇÏ´Â °æ¿ì.

--------------- /code --


1-2) SSLv3°¡ Çã¿ëµÇÁö ¾ÊÀº °æ¿ì (¾ÈÀü)


--------------- code --

$ openssl s_client -connect ¼­¹ö:443 -ssl3
CONNECTED(00000003)
140289569347264:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1256:SSL alert number 40
140289569347264:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : 0000 <-- SSLv3 Áö¿øÇÏÁö ¾ÊÀ½.

--------------- /code --


2-1) ¼öÃâ¿ë ¾Ïȣȭ°¡ Çã¿ëµÈ °æ¿ì (ÀÎÁõ¼­ Á¤º¸°¡ Ç¥½ÃµÊ. º¸¾È»ó Ãë¾à)


--------------- code --

$ openssl s_client -connect ¼­¹ö:443 -cipher EXPORT
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, ... »ý·« ...
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
...»ý·«...
SSL handshake has read 4798 bytes and written 201 bytes

--------------- /code --


2-3) ¼öÃâ¿ë ¾Ïȣȭ°¡ Çã¿ëµÇÁö ¾Ê´Â °æ¿ì (¾ÈÀü)


--------------- code --

$ openssl s_client -connect ¼­¹ö:443 -cipher EXPORT
CONNECTED(00000003)
139768004437696:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 75 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

--------------- /code --


3-1) logjam¿¡ Ãë¾àÇÑ °æ¿ì (¹Ýµå½Ã openssl 1.0.2 client·Î Å×½ºÆ®ÇØ¾ß Server Temp Key: °ªÀ» È®ÀÎÇÒ ¼ö ÀÖ´Ù)


--------------- code --

$ openssl s_client -connect ¼­¹ö:443 -cipher EDH
... »ý·« ...
Server Temp Key: DH, 1024 bits <--- 1024ºñÆ®À̰ųª ³·´Ù¸é 2048ºñÆ® DH parameter¸¦ »ç¿ëÇϵµ·Ï ¼ÂÆÃÇÑ´Ù.

SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
... »ý·« ...

--------------- /code --


3-2) logjam Ãë¾àÁ¡¿¡ ¾ÈÀüÇÑ °æ¿ì


--------------- code --

$ openssl s_client -connect ¼­¹ö:443 -cipher EDH
CONNECTED(00000003)
139828320765632:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 145 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---

--------------- /code --
]]> *NIX / IT Á¤º¸ Tue, 16 Jun 2015 16:40:33 +0900 ¸®´ª½º glibc Ãë¾àÁ¡, "GHOST" http://coffeenix.net/bbs/viewtopic.php?p=10120#10120
* Linux "GHOST" Vulnerability Hits Glibc Systems
http://www.phoronix.com/scan.php?page=news_item&px=Linux-GHOST-Glibc-Security

* GHOST: glibc gethostbyname buffer overflow
http://www.openwall.com/lists/oss-security/2015/01/27/9


--------------- quote --
we discovered that it was fixed on May 21, 2013 (between the releases of glibc-2.17 and glibc-2.18 ).
Unfortunately, it was not recognized as a security threat; as a result, most stable and long-term-support distributions were left exposed (and still are):
Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04, for example.

--------------- /quote --


´ÙÇàÀÎ °ÍÀº apache, nginx, lighttpd µî ´ëÇ¥ÀûÀÎ À¥¼­¹ö¿Í proftpd, vsftpd, pure-ftpd µî ´Ù¼ö FTP ¼­¹ö, openssh´Â Ãë¾àÇÏÁö ¾Ê´Â °ÍÀ¸·Î ¹àÇôÁ³´Ù.
Qualys Security Advisory teamÀÌ OSS Security ¸ÞÀϸµ¸®½ºÆ®¿¡ º¸³½ ³»¿ë¿¡ µû¸£¸é, ´ÙÀ½ µ¥¸óµéÀº ¹®Á¦ ¾ø´Ù°í ÇÑ´Ù.
http://www.openwall.com/lists/oss-security/2015/01/27/18


--------------- quote --

apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd.

--------------- /quote --


RHEL(CentOS)Àº ÆÐÄ¡¸¦ Á¦°øÇÏ°í ÀÖ´Ù.

* RHEL5, CentOS 5 (ÆÐÄ¡µÈ ÆÐÅ°Áö¸í : glibc-2.5-123.el5_11.1)
https://rhn.redhat.com/errata/RHSA-2015-0090.html
* RHEL6 & 7, CentOS 6 & 7 (RHEL6 ÆÐÄ¡µÈ ÆÐÅ°Áö¸í : glibc-2.12-1.149.el6_6.5, RHEL 7 : glibc-2.17-55.el7_0.5)
https://rhn.redhat.com/errata/RHSA-2015-0092.html


--------------- code --

# yum -y update ( -y´Â ¾÷µ¥ÀÌÆ® ÇÒ °ÍÀÎÁö ¹¯Áö ¾Ê°í ¹Ù·Î update)
... »ý·« ...
glibc x86_64 2.12-1.149.el6_6.5 updates 3.8 M
glibc-common x86_64 2.12-1.149.el6_6.5 updates 14 M
glibc-devel x86_64 2.12-1.149.el6_6.5 updates 983 k
glibc-headers x86_64 2.12-1.149.el6_6.5 updates 612 k

--------------- /code --
]]> *NIX / IT Á¤º¸ Wed, 28 Jan 2015 14:02:09 +0900 OpenSSL 1.0.1 Heartbleed Ãë¾àÁ¡ (¹Ýµå½Ã ÆÐÄ¡ ÇÊ¿ä) http://coffeenix.net/bbs/viewtopic.php?p=10078#10078 °ø°ÝÀÚ°¡ https¼­¹öÀÇ ¸Þ¸ð¸® 64KB µ¥ÀÌÅ͸¦ º¼ ¼ö ÀÖ½À´Ï´Ù. ¸Þ¸ð¸®¿¡´Â https¼­¹ö¿Í À¯Àú°£¿¡ ÁÖ°í ¹ÞÀº µ¥ÀÌÅ͵é(ID/PW, ... µîÀÇ Á¤º¸)ÀÌ Àִµ¥, °ø°ÝÀÚ´Â plain textÇüÅ·Πº¼ ¼ö ÀÖ½À´Ï´Ù. ±×¸®°í,SSL °³ÀÎÅ°¸¦ ¾òÀ» ¼ö ÀÖ½À´Ï´Ù. ¹Ýµå½Ã ¾÷µ¥ÀÌÆ®Çϼ¼¿ä.

http://a4.aurynj.net/post/82075898166/heartbleed (Heartbleed À̽´¿¡ °üÇØ Á¤¸®)
http://yisangwook.tumblr.com/post/82056087918/openssl-heartbeat-heartbleed (OpenSSL Ãë¾àÁ¡ ¹ß°ß. Heartbleed)
http://heartbleed.com/

1. Ãë¾àÇÑ ¹öÀü

OpenSSL 1.0.0°ú 0.9.8 ¹öÀüÀº Ãë¾àÇÏÁö ¾ÊÀ¸¸ç,
1.0.1Àº 1.0.1f±îÁö Ãë¾àÇÕ´Ï´Ù. 1.0.1g¿¡¼­ ÆÐÄ¡µÇ¾ú±¸¿ä.

http://www.openssl.org/news/secadv_20140407.txt

2. RHEL, CentOS

- CentOS 5 : 0.9.8
- CentOS 6 : 1.0.1ÀÔ´Ï´Ù. CentOS 6Àº ¾÷µ¥ÀÌÆ®Çϼ¼¿ä. yumÀ¸·Î ÇöÀç Áö¿øÇÕ´Ï´Ù. ÆÐÄ¡µÈ rpm : 1.0.1e-16.el6_5.7 ( https://rhn.redhat.com/errata/RHSA-2014-0376.html )


--------------- code --

# yum update openssl*
... »ý·« ...
=============================================================================
Package Arch Version Repository Size
=============================================================================
Updating:
openssl x86_64 1.0.1e-16.el6_5.7 updates 1.5 M
openssl-devel x86_64 1.0.1e-16.el6_5.7 updates 1.2 M

--------------- /code --



3. FreeBSD

- FreeBSD 8.x, 9.x : 0.9.8 ÀÔ´Ï´Ù. ports·Î º°µµ ¼³Ä¡ÇÏÁö ¾Ê¾Ò´Ù¸é ¾÷µ¥ÀÌÆ®ÇÏÁö ¾ÈÇصµ µÇ¿ä.
- FreeBSD 10.0 : 1.0.1e. ÆÐÄ¡ ³ª¿Ô½À´Ï´Ù. ( http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc )


--------------- code --

# freebsd-update fetch
# freebsd-update install
# ls -la /usr/lib*/libssl*
-r--r--r-- 1 root wheel 685846 Apr 9 12:28 /usr/lib/libssl.a
lrwxr-xr-x 1 root wheel 11 Feb 25 09:24 /usr/lib/libssl.so -> libssl.so.7
-r--r--r-- 1 root wheel 430352 Apr 9 12:28 /usr/lib/libssl.so.7
-r--r--r-- 1 root wheel 713782 Apr 9 12:28 /usr/lib/libssl_p.a
-r--r--r-- 1 root wheel 470850 Apr 9 12:28 /usr/lib32/libssl.a
lrwxr-xr-x 1 root wheel 11 Feb 25 09:26 /usr/lib32/libssl.so -> libssl.so.7
-r--r--r-- 1 root wheel 363552 Apr 9 12:28 /usr/lib32/libssl.so.7
-r--r--r-- 1 root wheel 480306 Apr 9 12:28 /usr/lib32/libssl_p.a
#

--------------- /code --


3. Ubuntu

- Ubuntu 13.10, 12.10, 12.04 LTS
- apt-get À¸·Î Áö¿ø µË´Ï´Ù. (http://www.ubuntu.com/usn/usn-2165-1/)


--------------- code --

# apt-get update
# apt-get upgarde

or

# apt-get update
# apt-get install libssl1.0.0 openssl

»ý·«

--------------- /code --


- ÆÐÄ¡ È®ÀÎÀº


--------------- code --

# dpkg -l | grep ssl
ii openssl 1.0.1e-3ubuntu1.2 <-- ubuntu 13.10
ii libssl1.0.0 1.0.1e-3ubuntu1.2

ii openssl 1.0.1c-3ubuntu2.7 <-- ubuntu 12.10
ii libssl1.0.0 1.0.1c-3ubuntu2.7

ii openssl 1.0.1-4ubuntu5.12 <-- ubuntu 12.04 LTS
ii libssl1.0.0 1.0.1-4ubuntu5.12

--------------- /code --


- Âü°í·Î


--------------- code --

# openssl version
OpenSSL 1.0.1 14 Mar 2012

ó·³ ³ª¿Íµµ ÆÐÄ¡ µÈ °ÍÀÔ´Ï´Ù. ÇØ´ç Version Á¤º¸´Â °»½ÅµÇÁö ¾Ê¾Ò´õ±º¿ä.
¸î¸î Æ÷½ºÆ®¿¡¼­ openssl version À¸·Î ¾÷µ¥ÀÌÆ® È®ÀÎÇ϶ó´Â ºÎºÐÀÌ Àִµ¥ ÀÌ ºÎºÐ Á¶½É ÇϽʽÿÀ. dpkg ·Î È®ÀÎ ÇϽʽÿÀ.

--------------- /code --



4. AWS - ELB(Elastic Load Balancing)

- 04/07ÀÏ ÆÐÄ¡ÀüÀ̾úÀ¸³ª ÇöÀç´Â ¸ðµÎ ÆÐÄ¡°¡ ¿Ï·á µÇ¾ú´Ù.
(https://aws.amazon.com/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability/)


¾÷µ¥ÀÌÆ® ÈÄ openssl»ç¿ëÇÏ´Â µ¥¸óÀº Àç½ÇÇàÇØÁÖ¼¼¿ä.

¡Ø 4.9(¼ö) 15:00 ±Û ¼öÁ¤
¡Ø 4.9(¼ö) 15:40 ±Û ¼öÁ¤(ubuntu Ãß°¡) - ¹ü³ÃÀÌ]]> *NIX / IT Á¤º¸ Wed, 09 Apr 2014 11:48:13 +0900 FreeBSD 10.0ÀÌ ³ª¿Ô½À´Ï´Ù. http://coffeenix.net/bbs/viewtopic.php?p=10074#10074 ¸¹Àº °ÍÀÌ ¹Ù²î¾î¼­ ÀûÀÀÇϴµ¥ ½Ã°£ÀÌ °É¸± °Í °°¾Æ¿ä.



- GCC´Â ¾ø°í clangÀÌ ±âº»ÀÌ°í,
- make´Â NetBSDÀÇ bmake("Portable" BSD make)·Î ´ëüµÇ¾ú½À´Ï´Ù.
- BIND¼­¹ö´Â ¼³Ä¡µÇÁö ¾Ê½À´Ï´Ù. BINDÇÊ¿ä½Ã ports³ª pkg·Î ¼³Ä¡ÇØ¾ß ÇÕ´Ï´Ù.
- cvsµµ »ç¶óÁ³½À´Ï´Ù. ±×¸® ¾µÀÏÀº ¾øÀ¸´Ï.
- pkg_info, pkg_add µî ±âÁ¸ pkg_ ÅøÀÌ ¿ÏÀüÈ÷ »ç¶óÁ³½À´Ï´Ù. ÀÌÁ¦ ¿ÀÁ÷ pkg¸¸ »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. 8.4°ú 9.2¹öÀü¿¡¼­´Â pkg_ Åø°ú pkg°¡ °øÁ¸ÇßÁÒ.
- °¡»óÈ­ °³¼±
- ZFS(ZFS version 5, zpool version 28 ) °³¼±. SSD TRIMÁö¿øÇÏ°í LZ4 Áö¿øÇÑ´Ù°í Çϴµ¥, FreeBSD 9.2µµ °°Àº ZFS, zpool ¹öÀüÀ¸·Î Áö¿øÁßÀε¥, Ãß°¡·Î ´Þ
¶óÁø°Ô ÀÖ³ª...

ÀÚ¼¼ÇÑ °ÍÀº ¸±¸®Áî ³ëÆ®¸¦.

http://www.freebsd.org/releases/10.0R/announce.html
http://www.freebsd.org/releases/10.0R/relnotes.html]]> *NIX / IT Á¤º¸ Tue, 21 Jan 2014 10:27:28 +0900 MSIE 11ÀÇ useragent¸í http://coffeenix.net/bbs/viewtopic.php?p=9990#9990 useragent¸í¿¡ Æ÷ÇԵǾú´ø 'MSIE 10.0'°ú °°Àº °ÍÀÌ »ç¶óÁö°í, 'rv:11.0'ÀÌ µîÀåÇß´Ù.

* MSIE 10 ¹öÀü

--------------- code --
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
--------------- /code --


* MSIE 11 ¹öÀü

--------------- code --
Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko <-- Win 7
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko <-- Win 8.1
--------------- /code --


±×¸®°í, useragent³»ÀÇ Trident¸¦ È®ÀÎÇغôõ´Ï ´ÙÀ½°ú °°´Ù.


--------------- code --

Trident/4.0 -> MSIE 8
Trident/5.0 -> MSIE 9
Trident/6.0 -> MSIE 10
Trident/7.0 -> MSIE 11

--------------- /code --


* Âü°í »çÀÌÆ® :
http://blogs.msdn.com/b/ieinternals/archive/2013/09/21/internet-explorer-11-user-agent-string-ua-string-sniffing-compatibility-with-gecko-webkit.aspx]]> *NIX / IT Á¤º¸ Wed, 23 Oct 2013 08:24:44 +0900