0.9.8l just disables renegotiation. This fixes the issue, for sure, but may break apps. Unfortunately, I have no idea on what scale renegotiation is actively used, nor what the consequences of it failing are for most apps. (I asked whether Pound was vulnerable mainly because I wasn't sure if it permitted renegotiation)
An RFC is in process that will define a cryptographic tie-in between original and renegotiated sessions. This will fix the problem and hopefully we'll see patches for most clients within weeks. Till then...blech. -HKS On Fri, Nov 13, 2009 at 3:34 AM, Makoto Kobayashi <[email protected]> wrote: > OpenSSL 0.9.8l is released as a workaround against the issue last week. > > However, as HKS mentioned, it is not a vulnerability of > implementations but that of the protocol. > All we can do so far is just work around, am I right? > > Makoto > > On Fri, Nov 13, 2009 at 12:55 AM, Robert Segall <[email protected]> wrote: >> On Wed, 2009-11-11 at 16:01 -0500, (private) HKS wrote: >>> http://www.kb.cert.org/vuls/id/120541 >>> >>> I assume Pound is vulnerable to this since it seems to be a flaw in >>> the actual protocol design, but can anyone confirm? >> >> Yes, Pound suffers from the same problem (as you correctly note, this is >> really a SSL issue). We hope this will be fixed in some upcoming OpenSSL >> version. >> -- >> Robert Segall >> Apsis GmbH >> Postfach, Uetikon am See, CH-8707 >> Tel: +41-44-920 4904 >> >> >> -- >> To unsubscribe send an email with subject unsubscribe to [email protected]. >> Please contact [email protected] for questions. >> > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. > -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
