Date: Sun, 8 Nov 2009 00:30:07 GMT From: Colin Percival <cperciva@freebsd.org> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/140356: [patch] OpenSSL in base: fix CVE-2009-3555 Message-ID: <200911080030.nA80U7cj015805@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/140356; it has been noted by GNATS. From: Colin Percival <cperciva@freebsd.org> To: bug-followup@FreeBSD.org, rea-fbsd@codelabs.ru Cc: FreeBSD Security Team <secteam@freebsd.org> Subject: Re: bin/140356: [patch] OpenSSL in base: fix CVE-2009-3555 Date: Sat, 07 Nov 2009 16:22:08 -0800 Given that this is a rather obscure issue (not many people use client certificates) I'd like to wait until there is more consensus about how this should be fixed -- it may be that the conclusion will be that the approach taken by the OpenSSL team, of disabling renegotiation, is not the right solution. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200911080030.nA80U7cj015805>