[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: TLS renegociation bug: time for OpenSSL upgrade?
On Apr 9, 2010, at 3:43 00PM, Manuel Bouyer wrote:
> On Thu, Apr 08, 2010 at 08:37:26PM +1000, Luke Mewburn wrote:
>> That patch appears to fix the problem.
>> I removed the "SSLProtocol all -TLSv1" workaround from httpd.conf,
>> reproduced the problem with the original libssl.so.6.0 (as expected),
>> installed a new libssl.so.6.0 with your fix, restarted apache,
>> and the problem has gone.
> thanks for testing !
>> I think that this fix should be pulled into netbsd-5 ASAP
> I commited to head this morning and sent a pullup request.
Has this been pulled up yet?
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Main Index |
Thread Index |