Arno Garrels wrote: > Zvone wrote: >> well, that's great news i thought it was not fixed already and it was >> still disabled in "N" version as well. good to know! >> >> but what does this mean "require the extension as needed"? >> >> if i understood correctly - if you have 098n and server supports the >> extension, it will be used with no additional programming on the >> client side? >> if your software or server don't support extension it will fail just >> like "L" version (unless of course you allow unsafe renegotiation >> option)? > > Yes, that's correct, unless you enable option > "SslOpt_ALLOW_UNSAFE_LEGACY_RENEGOTIATION"
That stands. > which should be safe on the > client-side. Most likely that's wrong, as I recall the vulnerability, it's probably only safe to not enable option "SslOpt_ALLOW_UNSAFE_LEGACY_RENEGOTIATION". -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be