NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: TLS renegociation bug: time for OpenSSL upgrade?

On Thu, Apr 01, 2010 at 04:51:57AM +0200, Emmanuel Dreyfus wrote:
  | Luke Mewburn <> wrote:
  | > Do you know the current status of OpenSSL regarding fixes
  | > for this problem [1] ?
  | (...)
  | > [1] Firefox 3.6 causes SSL enabled web servers to core dump in libssl,
  | >     when running on NetBSD 5.0 and its
  | Hi 
  | Since you are reusing the thread about TLS renegociation bug, I'd like
  | to be sure: there is a workaround for that in 5.0.2, right?

At the firefox client end; yes.

At the server end; I'm not sure if disabling TLSv1 in apache2
avoids the problem. 

IMHO, it is not acceptable that a remote client can cause a core dump
in a server application, or library that the latter uses...


Attachment: pgpt_LDR3XDdJ.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index