On 03/04/17 11:24, Mody, Darshan (Darshan) wrote: > Thanks Matt, > > Just another query. Is the issue addressed in the latest openssl 1.1.0?
My answer was for 1.1.0 (as was your original question)? In any case it is not addressed in any OpenSSL version. Matt > > Regards > Darshan > > -----Original Message----- > From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Matt > Caswell > Sent: Monday, April 03, 2017 2:53 PM > To: openssl-dev@openssl.org > Subject: Re: [openssl-dev] Renegotiation ticket 3712 > > > > On 02/04/17 04:50, Mody, Darshan (Darshan) wrote: >> Hi Matt, >> >> Is re-negotiation fixed with openssl 1.1.0 ? >> https://urldefense.proofpoint.com/v2/url?u=https-3A__rt.openssl.org_Ti >> cket_Display.html-3Fid-3D3712-26user-3Dguest-26pass-3Dguesthttps-3A__r >> t.openssl.org_Ticket_Display.html-3Fid-3D3712-26user-3Dguest-26pass-3D >> guest&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXza >> IDagy9EuEhJrKfQ&m=0_oGDu1Nd351FfLBQxFRBsvQxamucuAh4kuC9XC9rng&s=Ni8yD4 >> vI9arECJEB4AvTHTPslAIBDOyQYItrnXI8Ho8&e= >> >> From the ticket it seems its marked resolved but your patch is not in >> the openssl base due to possible vulnerabilities. > > No, this issue is not fixed. It would require a major overhaul to properly > fix it, and I don't think it is considered worth it for this issue. > > Matt > -- > openssl-dev mailing list > To unsubscribe: > https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=0_oGDu1Nd351FfLBQxFRBsvQxamucuAh4kuC9XC9rng&s=u1jQpWruXjaddyFVQW6x3TnRYA3CsHe1XzBwNlHn3p0&e= > > -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
