On Sat, Nov 28, 2009 at 8:03 PM, Matthew Szudzik <[email protected]> wrote:
> A few days ago a patch to the highly-publicized OpenSSL vulnerability
...
> was released for OpenBSD-stable at
>
> ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/004_openssl.patch
>
> What exactly is the effect of this patch?
>
> I assume that it prevents renegotiation man-in-the-middle attacks
> against webservers running OpenBSD, but does it also help OpenBSD
> clients? For example, suppose that I'm doing some online banking with
> lynx, and somebody attempts a man-in-the-middle attack on my https
> connection. What will happen?

Your connection will be subverted. The new prefix injection MitM attack is not detectable or preventable from the client side.

Philip Guenther

