Čt, lis 12, 2009 ve 04:55:22 +0100, Robert Segall napsal: > On Wed, 2009-11-11 at 16:01 -0500, (private) HKS wrote: > > http://www.kb.cert.org/vuls/id/120541 > > > > I assume Pound is vulnerable to this since it seems to be a flaw in > > the actual protocol design, but can anyone confirm? > > Yes, Pound suffers from the same problem (as you correctly note, this is > really a SSL issue). We hope this will be fixed in some upcoming OpenSSL > version.
We all hope it will be, but is there any possiblity you make a workaround on this directly in Pound while waiting? By workaround I mean just disable renegotiation in pound. Whole problem is that not everybody is able to use newest version of openssl which disable renegotiations at all (not enough skills to compile it for distributions or fear that it breaks many other applications). Thanks for considering Ondra 'Kepi' Kudlik -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
