Hoby Smith wrote:
> Oh well, so we have another, "oh no, SSL is broke" issue. Of course
> we do. Just wait. This one will be addressed and then the next
> weakness will emerge. ALL Web stack technologies are broke regarding
> security and have been since they were innovated.

In this case it's not an HTTP issue but a native SSL protocol vulnerability (http://extendedsubset.com/?p=8); it just happens to work nicely with HTTPS POST and it requires client certificate authentication.

OpenSSL v0.9.8L disables session renegotiation due to this vulnerability. If your application relied on session renegotiation, OpenSSL v0.9.8L will break it.

OpenSSL v0.9.8L is available for ICS v5, v6 and v7 on the wiki site: http://wiki.overbyte.be/wiki/index.php/FAQ#How_to_get_ICS.

--
Arno Garrels