On Fri, Dec 18, 2009 at 05:32:41PM -0800, Chris H wrote:
Greetings,
A recent (cvs checkout of src/ports on 2009-12-09) install of 8
seems to indicate that changes in SSL have made it virtually
unusable. I've spent the past 3 days attempting to (re)create an SSL
enabled virtual host that
Chris H wrote:
Greetings,
A recent (cvs checkout of src/ports on 2009-12-09) install of 8 seems to
indicate
that changes in SSL have made it virtually unusable. I've spent the past 3 days
attempting to (re)create an SSL enabled virtual host that serves web based
access
to local mail. Since
First my apologies for breaking the thread.
We also had this issue and tried to find an acceptable solution.
To make a long story short:
Please try to compile your application against the version of openssl
available in the ports tree.
As you already mentioned (SA-09:15) breaks renegotiation
Hello!
On Fri, Dec 18, 2009 at 05:32:41PM -0800, Chris H wrote:
Greetings,
A recent (cvs checkout of src/ports on 2009-12-09) install of 8 seems to
indicate
that changes in SSL have made it virtually unusable. I've spent the past 3
days
attempting to (re)create an SSL enabled virtual
Greetings Clifton, and thank you for your reply.
On Sat, December 19, 2009 12:16 am, Clifton Royston wrote:
On Fri, Dec 18, 2009 at 05:32:41PM -0800, Chris H wrote:
Greetings,
A recent (cvs checkout of src/ports on 2009-12-09) install of 8
seems to indicate that changes in SSL have made it
Greetings Matthew, and thank you very much for your reply.
On Sat, December 19, 2009 12:33 am, Matthew Seaman wrote:
Chris H wrote:
Greetings,
A recent (cvs checkout of src/ports on 2009-12-09) install of 8 seems to
indicate that changes in SSL have made it virtually unusable. I've spent the
Greetings, and thank you for taking the time to respond.
On Sat, December 19, 2009 12:58 am, H. Ingow wrote:
First my apologies for breaking the thread.
We also had this issue and tried to find an acceptable solution.
To make a long story short:
Please try to compile your application against
Hello!
On Sat, Dec 19, 2009 at 09:58:49AM +0100, H. Ingow wrote:
[...]
Please try to compile your application against the version of openssl
available in the ports tree.
As you already mentioned (SA-09:15) breaks renegotiation with base system's
openssl by fixing
a security issue ( it
Hello Maxim, and thank you for taking the time to reply.
On Sat, December 19, 2009 2:14 am, Maxim Dounin wrote:
Hello!
On Fri, Dec 18, 2009 at 05:32:41PM -0800, Chris H wrote:
Greetings,
A recent (cvs checkout of src/ports on 2009-12-09) install of 8 seems to
indicate that changes in SSL
On Sat, December 19, 2009 3:13 am, Maxim Dounin wrote:
Hello!
On Sat, Dec 19, 2009 at 09:58:49AM +0100, H. Ingow wrote:
[...]
Please try to compile your application against the version of openssl
available in the ports tree.
As you already mentioned (SA-09:15) breaks renegotiation
Hello!
On Sat, Dec 19, 2009 at 03:18:21AM -0800, Chris H wrote:
Hello Maxim, and thank you for taking the time to reply.
On Sat, December 19, 2009 2:14 am, Maxim Dounin wrote:
Hello!
On Fri, Dec 18, 2009 at 05:32:41PM -0800, Chris H wrote:
Greetings,
A recent (cvs checkout of
Hello!
On Sat, Dec 19, 2009 at 03:23:57AM -0800, Chris H wrote:
On Sat, December 19, 2009 3:13 am, Maxim Dounin wrote:
Hello!
On Sat, Dec 19, 2009 at 09:58:49AM +0100, H. Ingow wrote:
[...]
Please try to compile your application against the version of openssl
available in
Sorry if my proposal won't fit in this case and thanks, Maxim for
clearing out what exactly
to be aware of to have applications run with openssl .0.9.8l
But for the sake of completeness /usr/ports/security/tor-devel is very
well capable of handling
re-negotiation.
see src/common/tortls.c and
On 19/12/2009, at 11:29 PM, Maxim Dounin wrote:
No, my previous suggestion is unrelated.
Additionally, to re-enable renegotiation in openssl 0.9.8l you
need an application which is able to set
SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s-s3-flags. I
haven't seen any yet, and
Hello Maxim, and thank you again for your reply.
On Sat, December 19, 2009 3:54 am, Maxim Dounin wrote:
Hello!
On Sat, Dec 19, 2009 at 03:18:21AM -0800, Chris H wrote:
Hello Maxim, and thank you for taking the time to reply.
On Sat, December 19, 2009 2:14 am, Maxim Dounin wrote:
Hello!
Hello!
On Sat, Dec 19, 2009 at 05:23:53AM -0800, Chris H wrote:
[...]
Indeed. I understand that. In fact my OP (original post) indicated my use was
in a vhost - eg;
NameVirtualHost host.ip.add.ress:443
VirtualHost host.ip.add.ress:443
SSLEnable
SSLVerifyClient (options 0-3;none work)
Greetings,
A recent (cvs checkout of src/ports on 2009-12-09) install of 8 seems to
indicate
that changes in SSL have made it virtually unusable. I've spent the past 3 days
attempting to (re)create an SSL enabled virtual host that serves web based
access
to local mail. Since it's local, I'm
This might have something to do with a libthr discussion I was CCed on.
Someone mentioned something about removing a link to libthr in openssl
but I can't remember if this was in the port or base openssl...
On 2009-12-18 05:32:41PM -0800, Chris H wrote:
Greetings,
A recent (cvs checkout of
Hello Peter, and thank you for the reply.
On 2009-12-18 05:32:41PM -0800, Chris H wrote:
Greetings,
A recent (cvs checkout of src/ports on 2009-12-09) install of 8 seems to
indicate that changes in SSL have made it virtually unusable. I've spent the
past 3 days attempting to (re)create an
19 matches
Mail list logo