NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: TLS renegociation bug: time for OpenSSL upgrade?
Luke Mewburn <lukem%NetBSD.org@localhost> wrote:
> | Since you are reusing the thread about TLS renegociation bug, I'd like
> | to be sure: there is a workaround for that in 5.0.2, right?
>
> At the firefox client end; yes.
>
> At the server end; I'm not sure if disabling TLSv1 in apache2
> avoids the problem.
>
> IMHO, it is not acceptable that a remote client can cause a core dump
> in a server application, or library that the latter uses...
I'm not sure we are talking about the same problem. We have
- the TLS renegociation bug, which is the title of this thread. Fixed in
5.0.2?
- the TLSv1 thats gets apache to dump a core, unfixed.
Right?
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost
Home |
Main Index |
Thread Index |
Old Index