https://issues.apache.org/bugzilla/show_bug.cgi?id=48859
Summary: clarification on OpenSSL 0.9.8l - Renegotiating
vulnerability
Product: Apache httpd-2
Version: 2.2.14
Platform: PC
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P2
Component: Build
AssignedTo: [email protected]
ReportedBy: [email protected]
Hi,
Wanted a clarification on OpenSSL 0.9.8l ( CVE-2009-3555 - TLS / SSLv3
Renegotiating vulnerability) . When I execute the following
./openssl s_client -connect www.testapp.com:8090
--- [snipped... openssl output]
HEAD / HTTP/1.0
R
RENEGOTIATING
<Enter>
The below output is shown
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"7777-1266209541000"
Last-Modified: Mon, 15 Feb 2010 04:52:21 GMT
Content-Type: text/html
Content-Length: 7777
Date: Wed, 03 Mar 2010 17:44:54 GMT
Connection: close
What I want to know is if this should output the header details or should that
be suppressed also. As per a lot of forums I should get this error
“28874:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:530:”
OR
The connection blocks and timeouts after a while
Could someone please clarify.
Thanks
Rajat
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
