[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: TLS renegociation bug: time for OpenSSL upgrade?
On 8 May 2010, at 0:10, Steven Bellovin wrote:
> On Apr 9, 2010, at 3:43 00PM, Manuel Bouyer wrote:
>> On Thu, Apr 08, 2010 at 08:37:26PM +1000, Luke Mewburn wrote:
>>> That patch appears to fix the problem.
>>> I removed the "SSLProtocol all -TLSv1" workaround from httpd.conf,
>>> reproduced the problem with the original libssl.so.6.0 (as expected),
>>> installed a new libssl.so.6.0 with your fix, restarted apache,
>>> and the problem has gone.
>> thanks for testing !
>>> I think that this fix should be pulled into netbsd-5 ASAP
>> I commited to head this morning and sent a pullup request.
> Has this been pulled up yet?
Yes, it has:
Matthias Scheler http://zhadum.org.uk/
Main Index |
Thread Index |