Re: SSL renegociation vulnerability

To: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Subject: Re: SSL renegociation vulnerability
From: "Brian A. Seklecki (CFI NOC)" <seklecki%noc.cfi.pgh.pa.us@localhost>
Date: Wed, 02 Dec 2009 18:07:34 -0500

Emmanuel Dreyfus wrote:

Hello

A question about the latest SSL vulnerability:
http://extendedsubset.com/?p=8

I don't have an answer to your question, but for the sake of the listarchives, it should be pointed out that the ASF distributed work-aroundpatch has been imported into pkgsrc/www/apache22 about 7 weeks ago byMatthias Scheler:


http://pkgsrc.se/files.php?messageId=20091004122135.3083A175DA%cvs.netbsd.org@localhost

As far as getting OpenSSL 0.9.8l MITM-related changes backported, I'lldefer.


~BAS

Follow-Ups:
- Re: SSL renegociation vulnerability
  - From: Emmanuel Dreyfus

References:
- SSL renegociation vulnerability
  - From: Emmanuel Dreyfus

Prev by Date: Re: sshd UsePAM, PR bin/32313
Next by Date: Re: SSL renegociation vulnerability
Previous by Thread: SSL renegociation vulnerability
Next by Thread: Re: SSL renegociation vulnerability
Indexes:

Home | Main Index | Thread Index | Old Index