Re: TLS renegociation bug: time for OpenSSL upgrade?

To: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Subject: Re: TLS renegociation bug: time for OpenSSL upgrade?
From: Steven Bellovin <smb%cs.columbia.edu@localhost>
Date: Fri, 7 May 2010 19:10:20 -0400

On Apr 9, 2010, at 3:43 00PM, Manuel Bouyer wrote:

> On Thu, Apr 08, 2010 at 08:37:26PM +1000, Luke Mewburn wrote:
>> That patch appears to fix the problem.
>> 
>> I removed the "SSLProtocol all -TLSv1" workaround from httpd.conf,
>> reproduced the problem with the original libssl.so.6.0 (as expected),
>> installed a new libssl.so.6.0 with your fix, restarted apache,
>> and the problem has gone.
> 
> thanks for testing !
> 
>> 
>> I think that this fix should be pulled into netbsd-5 ASAP
> 
> I commited to head this morning and sent a pullup request.
> 
> -- 

Has this been pulled up yet?


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Follow-Ups:
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Manuel Bouyer
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Matthias Scheler

References:
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Luke Mewburn
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Emmanuel Dreyfus
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Luke Mewburn
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Manuel Bouyer
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Luke Mewburn
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Manuel Bouyer

Prev by Date: Re: 5.1_RC1 Dual Head Trouble
Next by Date: Re: Supported VM environments under MacOS dom0
Previous by Thread: Re: TLS renegociation bug: time for OpenSSL upgrade?
Next by Thread: Re: TLS renegociation bug: time for OpenSSL upgrade?
Indexes:

Home | Main Index | Thread Index | Old Index