Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KRACK vulnerability fix #242

Closed
xoseperez opened this issue Oct 16, 2017 · 5 comments
Closed

KRACK vulnerability fix #242

xoseperez opened this issue Oct 16, 2017 · 5 comments

Comments

@xoseperez
Copy link
Owner

Originally reported by: 0xFelix (Bitbucket: 0xFelix, GitHub: 0xFelix)


The today released KRACK vulnerability should be fixed as soon as possible

@xoseperez
Copy link
Owner Author

Original comment by Martin Maciaszek (Bitbucket: maciaszek, GitHub: maciaszek):


This isn't an issue of Espurna directly. Espressif released patches to address this vulnerability: http://espressif.com/en/media_overview/news/espressif-releases-patches-wifi-vulnerabilities-cert-vu228519?position=0&list=W1-rtfr4C9e1Vhf5JEhY_1EPZ-Dag7NT6M7sJEphvS0

You’ll just need to rebuild Espurna with the newly updated SDK.

@xoseperez
Copy link
Owner Author

You are right, to use the latest 2.4.0-rc2 version you will also have to update ESPAsyncTCP library, although it has some compilation errors if SSL is enabled (me-no-dev/ESPAsyncTCP#58).

@xoseperez
Copy link
Owner Author

As of 1.9.6 all pre-built images have been built against 2.4.0-RC2, there are some issues with the ESPAsyncTCP library that makes it crash when using 2.4.0-RC2 with SSL support. In the meantime you can compile against a fork (https://github.com/xoseperez/ESPAsyncTCP) with a fixed signatures when ASYNC_TCP_SSL_ENABLED = 1

@xoseperez
Copy link
Owner Author

KRACK fix available using 2.4.0-rc2, fully supported with the latest ESPAsyncTCP version, including SSL support.

@xoseperez
Copy link
Owner Author

Removing milestone: 1.9.8 (automated comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant