Re: TLS renegociation bug: time for OpenSSL upgrade?

To: lukem%NetBSD.org@localhost (Luke Mewburn)
Subject: Re: TLS renegociation bug: time for OpenSSL upgrade?
From: manu%netbsd.org@localhost (Emmanuel Dreyfus)
Date: Thu, 1 Apr 2010 07:25:56 +0200

Luke Mewburn <lukem%NetBSD.org@localhost> wrote:

>   | Since you are reusing the thread about TLS renegociation bug, I'd like
>   | to be sure: there is a workaround for that in 5.0.2, right?
> 
> At the firefox client end; yes.
> 
> At the server end; I'm not sure if disabling TLSv1 in apache2
> avoids the problem. 
> 
> IMHO, it is not acceptable that a remote client can cause a core dump
> in a server application, or library that the latter uses...

I'm not sure we are talking about the same problem. We have
- the TLS renegociation bug, which is the title of this thread. Fixed in
5.0.2?
- the TLSv1 thats gets apache to dump a core, unfixed. 

Right?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost

References:
- Re: TLS renegociation bug: time for OpenSSL upgrade?
  - From: Luke Mewburn

Prev by Date: Re: TLS renegociation bug: time for OpenSSL upgrade?
Next by Date: Re: The Chthulhoid horror that is keyboard handling in Unix (Re: Backspace, Delete and other keys)
Previous by Thread: Re: TLS renegociation bug: time for OpenSSL upgrade?
Next by Thread: Re: TLS renegociation bug: time for OpenSSL upgrade?
Indexes:

Home | Main Index | Thread Index | Old Index