NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: TLS renegociation bug: time for OpenSSL upgrade?

Luke Mewburn <> wrote:

>   | Since you are reusing the thread about TLS renegociation bug, I'd like
>   | to be sure: there is a workaround for that in 5.0.2, right?
> At the firefox client end; yes.
> At the server end; I'm not sure if disabling TLSv1 in apache2
> avoids the problem. 
> IMHO, it is not acceptable that a remote client can cause a core dump
> in a server application, or library that the latter uses...

I'm not sure we are talking about the same problem. We have
- the TLS renegociation bug, which is the title of this thread. Fixed in
- the TLSv1 thats gets apache to dump a core, unfixed. 


Emmanuel Dreyfus

Home | Main Index | Thread Index | Old Index