Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl

2009-12-10 Thread Bogdan Ćulibrk
Actually, pretty much anyone who uses client certificates in an enterprise environment is likely to have a problem with this, which is why the IETF TLS working group is working on publishing a protocol fix. It looks like that RFC should be published, at Proposed Standard, in a few weeks, and

Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl

2009-12-10 Thread Dag-Erling Smørgrav
Bogdan Ćulibrk b...@default.rs writes: This advisory kinda made a big problem here locally (things stopped working). I had to roll back this update because of session renegotiation breakage. That's the whole point, the patch disables session renegotiation because it's fundamentally broken.

Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl

2009-12-10 Thread Bogdan Ćulibrk
Dag-Erling Smørgrav wrote: Bogdan Ćulibrk b...@default.rs writes: This advisory kinda made a big problem here locally (things stopped working). I had to roll back this update because of session renegotiation breakage. That's the whole point, the patch disables session renegotiation because

Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl

2009-12-10 Thread Dag-Erling Smørgrav
Bogdan Ćulibrk b...@default.rs writes: basically the whole communication between two applications relied on using exactly this functionality in openssl. In that case, the only choice you have is to revert to the previous version... DES -- Dag-Erling Smørgrav - d...@des.no

Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl

2009-12-10 Thread Dag-Erling Smørgrav
Dan Lukes d...@obluda.cz writes: Even after the patch has been installed, my browser is still able to connect to SSL aware HTTP servers. My MUA is still sending/receiving emails over SMTP/SSL and IMAP/SSL ... Do you use client-side certificates? I'm not saying you have no problem, I'm saying

RE: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl

2009-12-10 Thread Barry Raveendran Greene
Actually, pretty much anyone who uses client certificates in an enterprise environment is likely to have a problem with this, which is why the IETF TLS working group is working on publishing a protocol fix. It looks like that RFC should be published, at Proposed Standard, in a few

Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl

2009-12-10 Thread Dag-Erling Smørgrav
Dag-Erling Smørgrav d...@des.no writes: The correct anser is: answer, even DES -- Dag-Erling Smørgrav - d...@des.no

Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl

2009-12-10 Thread Chris Palmer
Dag-Erling Smørgrav writes: Do you use client-side certificates? This is probably the original poster's problem. FreeBSD Security Advisory FreeBSD-SA-09:15.ssl made clear that the patch fixes the protocol bug by removing the broken feature (session renegotiation), but stated incorrectly that

Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl

2009-12-10 Thread Maxim Dounin
Hello! On Thu, Dec 10, 2009 at 10:37:18AM -0800, Chris Palmer wrote: Dag-Erling Smørgrav writes: Do you use client-side certificates? This is probably the original poster's problem. FreeBSD Security Advisory FreeBSD-SA-09:15.ssl made clear that the patch fixes the protocol bug by

Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl

2009-12-10 Thread Chris Palmer
Maxim Dounin writes: It's not true. The patch (as well as OpenSSL 0.9.8l) breaks only apps that do not request client certs in the initial handshake, but instead do it via renegotiation. It's not a really commonly used feature. The ideal case is not the typical case: