> Actually, pretty much anyone who uses client certificates in an > enterprise environment is likely to have a problem with this, which is > why the IETF TLS working group is working on publishing a protocol > fix. It looks like that RFC should be published, at Proposed > Standard, in a few weeks, and most vendors look prepared to release > implementations of the fix immediately thereafter (as soon as the > relevant constants are assigned by IANA). > > -GAWollman
This advisory kinda made big problem here in local (things stopped working). I had to do rollback this update because of "session renegotiation" breakage. Is there some workaround to make things work along with this advisory? Maybe switch to ports/security/openssl ? Can anyone comment on this one? Thanks in advance. =bc _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
