QNAP NAS Community Forum

[schumaku]

Dear Alex,

I'm impressed about QNAP efforts trying to proof the mandatory update of OpenSSL is not required. Afraid - your proof is outdated. On one hand, the default was indeed carried forward to the Firefox 4 release version - and is again in stable Mozilla Firefox 5.0 available for some days.

No more excuses - update OpenSSL in v3.5.0!

Advice: just try the way which Moogs mentioned about.

This is not a trick, this is not feasible for normal users - beyond it's torpedizing Mozillas serious security consideratins and remediation attempts.

Regards,
-Kurt.

[schumaku]

FMI: https://wiki.mozilla.org/Security:Reneg ... _as_broken.

Threat: http://web.nvd.nist.gov/view/vuln/detai ... -2009-3555

Case closed - Update OpenSSL - hoever, I can't understand how this needs weeks and escalation up to the PM director and the CEO.

[AlexKe]

Hi Folks,

We will fix the https connectin on virtual host on coming firmware version.

[River Trent]

Hurrah!

[schumaku]

We will fix the https connectin on virtual host on coming firmware version.

Next v.3.5.0 Beta build to come in reasonable short time, or v3.x due by the end of the year 2011?

[River Trent]

Still not fixed in firmware version: 3.4.4 Build 0718T.

Any idea when this will be fixed??

[schumaku]

Oh no.......... confirmed.

Not addessed in v23.5.0 Beta 1, too.

[River Trent]

Still not working in firmware version: 3.5.0 Build 0815T

[schumaku]

Updating and testing OpenSSL takes more time

Hard, but we need to understand the new features and AFP/TimeMachine for Lion had higher priority.

[NocturnalFilth]

I surely hope they will come with an updated version of openssl soon for QNAP, because it's currently causing a lot of frustration

[schumaku]

viewtopic.php?f=32&t=44618&p=217558#p206550

Status 24. June:

Hi Folks,

We will fix the https connectin on virtual host on coming firmware version.

Failed.

[chaplin1]

Are people at QNAP taking this one seriously ? This ist a major Prio 1 Severity 1 issue. You cannot require the whole world to either change some parameters in their Firefox settings. The latest firmware still has not fixed this issue, we need at least an outlook and confirmation that it has made it on top of the list.

[schumaku]

QNAP seems to be conceenred about backwards browser compatibility. In my opinion, this is not an issue at all in the year 2011. All decent browsers available on still supported operating systems are supporting the SSL re-negotiation.

[River Trent]

3.5.2 Build 1126T Still not addressed

Yawn!

[grobylev]

3.6.0 build 1228T (beta) neither...
but i'm not surprised... same story with php, mysql