Re: TLS renegociation bug: time for OpenSSL upgrade?

To: Steven Bellovin <smb%cs.columbia.edu@localhost>
Subject: Re: TLS renegociation bug: time for OpenSSL upgrade?
From: Matthias Scheler <tron%zhadum.org.uk@localhost>
Date: Sat, 8 May 2010 12:30:57 +0100

On 8 May 2010, at 0:10, Steven Bellovin wrote:

> 
> On Apr 9, 2010, at 3:43 00PM, Manuel Bouyer wrote:
> 
>> On Thu, Apr 08, 2010 at 08:37:26PM +1000, Luke Mewburn wrote:
>>> That patch appears to fix the problem.
>>> 
>>> I removed the "SSLProtocol all -TLSv1" workaround from httpd.conf,
>>> reproduced the problem with the original libssl.so.6.0 (as expected),
>>> installed a new libssl.so.6.0 with your fix, restarted apache,
>>> and the problem has gone.
>> 
>> thanks for testing !
>> 
>>> 
>>> I think that this fix should be pulled into netbsd-5 ASAP
>> 
>> I commited to head this morning and sent a pullup request.
>> 
>> -- 
> 
> Has this been pulled up yet?

Yes, it has:

http://releng.netbsd.org/cgi-bin/req-5.cgi?show=1355
http://mail-index.netbsd.org/source-changes/2010/03/28/msg008226.html

        Kind regards

-- 
Matthias Scheler                           http://zhadum.org.uk/

References:
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Luke Mewburn
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Emmanuel Dreyfus
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Luke Mewburn
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Manuel Bouyer
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Luke Mewburn
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Manuel Bouyer
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Steven Bellovin

Prev by Date: Re: build netbsd5 fail
Next by Date: Re: build netbsd5 fail
Previous by Thread: Re: TLS renegociation bug: time for OpenSSL upgrade?
Next by Thread: Re: TLS renegociation bug: time for OpenSSL upgrade?
Indexes:

Home | Main Index | Thread Index | Old Index