On Wed, Jan 27, 2010 at 10:41:02PM +, Dr Stephen Henson wrote:
FYI the initial documentation is here:
http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#SECURE_RENEGOTIATION
there are currently only two flags to set in an SSL/SSL_CTX structure. Though
servers might want to make
Hi,
Joe Orton wrote:
On Tue, Nov 10, 2009 at 03:19:39PM +0100, Jean-Marc Desperrier wrote:
Joe Orton wrote:
On Fri, Nov 06, 2009 at 12:00:06AM +, Joe Orton wrote:
On Thu, Nov 05, 2009 at 09:31:00PM +, Joe Orton wrote:
* we can detect in mod_ssl when the client is
Joe Orton wrote:
On Fri, Nov 06, 2009 at 12:00:06AM +, Joe Orton wrote:
On Thu, Nov 05, 2009 at 09:31:00PM +, Joe Orton wrote:
* we can detect in mod_ssl when the client is renegotiating by using the
callback installed using SSL_CTX_set_info_callback(), in conjunction
On Tue, Nov 10, 2009 at 03:19:39PM +0100, Jean-Marc Desperrier wrote:
Joe Orton wrote:
On Fri, Nov 06, 2009 at 12:00:06AM +, Joe Orton wrote:
On Thu, Nov 05, 2009 at 09:31:00PM +, Joe Orton wrote:
* we can detect in mod_ssl when the client is renegotiating by using
the
-Original Message-
From: Dirk-Willem van Gulik [mailto:di...@webweaving.org]
Sent: Saturday, November 07, 2009 12:28 AM
To: dev@httpd.apache.org
Subject: Re: TLS renegotiation attack, mod_ssl and OpenSSL
+1 from me. (FreeBSD, Solaris). Test with and without certs (firefox
On 11/09/2009 10:39 AM, Boyle Owen wrote:
-Original Message-
From: Dirk-Willem van Gulik [mailto:di...@webweaving.org]
Sent: Saturday, November 07, 2009 12:28 AM
To: dev@httpd.apache.org
Subject: Re: TLS renegotiation attack, mod_ssl and OpenSSL
+1 from me. (FreeBSD, Solaris
On Fri, Nov 06, 2009 at 12:00:06AM +, Joe Orton wrote:
On Thu, Nov 05, 2009 at 09:31:00PM +, Joe Orton wrote:
* we can detect in mod_ssl when the client is renegotiating by using the
callback installed using SSL_CTX_set_info_callback(), in conjunction
with suitable flags in the
On 06.11.2009 01:12, Joe Orton wrote:
On Fri, Nov 06, 2009 at 12:00:06AM +, Joe Orton wrote:
FYI - Dirk points out that you can test this using openssl s_client by
entering a line with the single character 'R' which s_client treats as a
command to initiate a renegotiation. Joe
$
On 11/05/2009 06:32 PM, Joe Orton wrote:
On Thu, Nov 05, 2009 at 03:39:06PM +, Ben Laurie wrote:
Joe Orton wrote:
In the short term, I think it would be useful to have a new SSL_OP_*
flag which enables rejection of a client-initiated handshake in an SSL
server. This will fix the
On Thu, Nov 05, 2009 at 09:38:23PM +0100, Ruediger Pluem wrote:
If server triggered renegotiation will not work at all, people will just
ignore the
update or remove it from 0.9.8l in their self patched versions.
So overall I guess we would be safer with an approach that
1. Turns off
Joe Orton wrote:
* we can detect in mod_ssl when the client is renegotiating by using the
callback installed using SSL_CTX_set_info_callback(), in conjunction
with suitable flags in the SSLConnRec to detect the cases where this is
either a server-initiated renegotiation or the initial handshake
On 11/05/2009 11:03 PM, Dirk-Willem van Gulik wrote:
Joe Orton wrote:
* we can detect in mod_ssl when the client is renegotiating by using the
callback installed using SSL_CTX_set_info_callback(), in conjunction
with suitable flags in the SSLConnRec to detect the cases where this is
On Thu, Nov 05, 2009 at 09:31:00PM +, Joe Orton wrote:
* we can detect in mod_ssl when the client is renegotiating by using the
callback installed using SSL_CTX_set_info_callback(), in conjunction
with suitable flags in the SSLConnRec to detect the cases where this is
either a
On Fri, Nov 06, 2009 at 12:00:06AM +, Joe Orton wrote:
On Thu, Nov 05, 2009 at 09:31:00PM +, Joe Orton wrote:
* we can detect in mod_ssl when the client is renegotiating by using the
callback installed using SSL_CTX_set_info_callback(), in conjunction
with suitable flags in the
14 matches