Hi all,

I have applied this patch http://cvs.openssl.org/chngview?cn=18791
to OpenSSL 9.8k. When I tried renegotiation, it disconnected the
connection.

SSL_accept:before accept initialization
>>> TLS 1.0 Alert [length 0002], fatal handshake_failure
    02 28
SSL3 alert write:fatal:handshake failure
SSL_accept:error in SSLv3 read client hello A
ERROR
344264:error:1408A13F:SSL routines:SSL3_GET_CLIENT_HELLO:no
renegotiation:s3_srvr.c:725:
shutting down SSL
CONNECTION CLOSED
ACCEPT

For the security issue CVE-2009-3555, which patches do I need to apply
to OpenSSL 9.8k and OpenSSL 9.8h so that the connection gets disconnected
if renegotiation is attempted? (As far as I can see, OpenSSL 0.9.8l gets
into a hang state whenever renegotiation is attempted.)

Thanks in advance

Joshi

On Tue, Nov 17, 2009 at 12:10 PM, joshi chandra
<[email protected]> wrote:
>
> Hi ,
>
> I have got a patch from the OpenSSL CVS which will disable all
> renegotiation and will also drop the connection if renegotiation is tried.
>
> This is the patch from the CVS:
>  http://cvs.openssl.org/chngview?cn=18791
>  http://cvs.openssl.org/chngview?cn=18794
>  http://cvs.openssl.org/chngview?cn=18795
>
> As I am using this patch in older versions of OpenSSL (9.8h and 9.8k), will
> this patch disable renegotiation and also drop the connection if
> renegotiation is done?
>
> Thanks in advance
>
> Joshi
>
>
> Lutz Jaenicke wrote:
>>
>> Boyle Owen wrote:
>>> PPS: Although I have subscribed to this list, I am not getting the mails
>>> (I have to keep checking the archives). Is there anyone who can check
>>> out my account?
>>>
>>
>> Hmm. If memory serves me right there was a "subscribe" message sent to
>> the list instead of the mailing list manager (which I then moderated
>> away)...
>> Please try again, we do have some handy form on the web page.
>>
>> Best regards,
>>     Lutz
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> Development Mailing List                       [email protected]
>> Automated List Manager                           [email protected]
>>
>>
>
> --
> View this message in context: 
> http://old.nabble.com/Test-of-disabled-renegotiation-in-0.9.8l-tp26301719p26385119.html
> Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
>



-- 
Regards
Joshi Chandran
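
Reading the trace quoted in the message above, as an added example (not part of the original thread and not OpenSSL's own code): it decodes the two alert bytes and splits the packed error code into library, function and reason numbers. The bit layout in unpack_error (8-bit library, 12-bit function, 12-bit reason) is an assumption for 0.9.8-era builds, and all function names here are hypothetical.

```python
import re

# Constructed sample: the trace lines quoted in the message above, with the
# e-mail line wrap inside the error line rejoined.
TRACE = """\
SSL_accept:before accept initialization
>>> TLS 1.0 Alert [length 0002], fatal handshake_failure
    02 28
SSL3 alert write:fatal:handshake failure
344264:error:1408A13F:SSL routines:SSL3_GET_CLIENT_HELLO:no renegotiation:s3_srvr.c:725:
"""

ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the TLS 1.0 (RFC 2246) alert descriptions.
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 100: "no_renegotiation"}

ERR_LINE = re.compile(
    r"^(\d+):error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:]*):(\d+):")
ALERT_HEADER = re.compile(r"^>>> .* Alert \[length 0002\]")

def unpack_error(code):
    """Assumed 0.9.8-era packing: library << 24 | function << 12 | reason."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def parse_error_line(line):
    """Parse one error-queue line; return None if the line is something else."""
    m = ERR_LINE.match(line.strip())
    if m is None:
        return None
    lib, func, reason = unpack_error(int(m.group(2), 16))
    return {"lib": lib, "func": func, "reason": reason,
            "func_name": m.group(4), "reason_text": m.group(5),
            "source": f"{m.group(6)}:{m.group(7)}"}

def decode_alert(hex_bytes):
    """Decode the two-byte alert body: level, then description."""
    level, desc = bytes.fromhex(hex_bytes.replace(" ", ""))
    return (ALERT_LEVELS.get(level, f"unknown({level})"),
            ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"))

def summarize(trace):
    """Return (alerts, renegotiation_errors) found in a trace like the one above."""
    lines = trace.splitlines()
    alerts, errors = [], []
    for i, line in enumerate(lines):
        if ALERT_HEADER.match(line) and i + 1 < len(lines):
            alerts.append(decode_alert(lines[i + 1].strip()))
        entry = parse_error_line(line)
        if entry and entry["reason_text"] == "no renegotiation":
            errors.append(entry)
    return alerts, errors

if __name__ == "__main__":
    print(summarize(TRACE))
```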