[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: TLS renegociation bug: time for OpenSSL upgrade?
Luke Mewburn <lukem%NetBSD.org@localhost> wrote:
> | Since you are reusing the thread about TLS renegociation bug, I'd like
> | to be sure: there is a workaround for that in 5.0.2, right?
> At the firefox client end; yes.
> At the server end; I'm not sure if disabling TLSv1 in apache2
> avoids the problem.
> IMHO, it is not acceptable that a remote client can cause a core dump
> in a server application, or library that the latter uses...
I'm not sure we are talking about the same problem. We have
- the TLS renegociation bug, which is the title of this thread. Fixed in
- the TLSv1 thats gets apache to dump a core, unfixed.
Main Index |
Thread Index |