On Thu, Apr 01, 2010 at 04:51:57AM +0200, Emmanuel Dreyfus wrote: | Luke Mewburn <lukem%NetBSD.org@localhost> wrote: | | > Do you know the current status of OpenSSL regarding fixes | > for this problem [1] ? | (...) | > [1] Firefox 3.6 causes SSL enabled web servers to core dump in libssl, | > when running on NetBSD 5.0 and its libssl.so.6. | | Hi | | Since you are reusing the thread about TLS renegociation bug, I'd like | to be sure: there is a workaround for that in 5.0.2, right? At the firefox client end; yes. At the server end; I'm not sure if disabling TLSv1 in apache2 avoids the problem. IMHO, it is not acceptable that a remote client can cause a core dump in a server application, or library that the latter uses... cheers, Luke.
Attachment:
pgpt_LDR3XDdJ.pgp
Description: PGP signature