Arno Garrels wrote:
> Zvone wrote:
>> Well, that's great news. I thought it was not fixed already and it was
>> still disabled in "N" version as well. Good to know!
>>
>> But what does this mean: "require the extension as needed"?
>>
>> If I understood correctly - if you have 098n and server supports the
>> extension, it will be used with no additional programming on the
>> client side?
>> If your software or server don't support extension it will fail just
>> like "L" version (unless of course you allow unsafe renegotiation
>> option)?
>
> Yes, that's correct, unless you enable option
> "SslOpt_ALLOW_UNSAFE_LEGACY_RENEGOTIATION"

That stands.

> which should be safe on the
> client-side.

Most likely that's wrong, as I recall the vulnerability,
it's probably only safe to not enable option
"SslOpt_ALLOW_UNSAFE_LEGACY_RENEGOTIATION".

--
Arno Garrels