Hoby Smith wrote:
> Oh well, so we have another, "oh no, SSL is broke" issue.  Of course
> we do. Just wait.  This one will be addressed and then the next
> weakness will emerge. ALL Web stack technologies are broke regarding
> security and have been since they were innovated.  

In this case it's not a HTTP issue but a native SSL protocol 
vulnerability (http://extendedsubset.com/?p=8) it just happens to work 
nicely with HTTPS POST and it requires client certificate authentication.

OpenSSL v0.9.8L disables session renegotiation due to this 
vulnerability. If your application relied on session renegotiation 
OpenSSL v0.9.8L will break it. 
OpenSSL v0.9.8L is available for ICS v5, v6 and v7 on the wiki site: 

Arno Garrels  

To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to