On Wed, Sep 17, 2014 at 10:58:40AM +0300, Christos Trochalakis wrote:
On Tue, Sep 16, 2014 at 06:47:20PM +0400, Maxim Dounin wrote:
Hello!
A problem with SSL session cache in nginx was identified by Antoine
Delignat-Lavaud. It was possible to reuse cached SSL sessions in
unrelated contexts,
On Tue, Sep 16, 2014 at 06:47:20PM +0400, Maxim Dounin wrote:
Hello!
A problem with SSL session cache in nginx was identified by Antoine
Delignat-Lavaud. It was possible to reuse cached SSL sessions in
unrelated contexts, allowing virtual host confusion attacks in some
configurations by an
Hello!
On Wed, Sep 17, 2014 at 12:58 AM, Christos Trochalakis wrote:
I am one of the debian nginx maintainers. Is it possible to provide a
patch for nginx-1.2 series since the relevant commit is not backportable
as-is?
+1
I also hope there is a standalone patch that can (also) be applied to