Date:      Sun, 8 Nov 2009 00:30:07 GMT
From:      Colin Percival <cperciva@freebsd.org>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/140356: [patch] OpenSSL in base: fix CVE-2009-3555
Message-ID:  <200911080030.nA80U7cj015805@freefall.freebsd.org>

The following reply was made to PR bin/140356; it has been noted by GNATS.

From: Colin Percival <cperciva@freebsd.org>
To: bug-followup@FreeBSD.org, rea-fbsd@codelabs.ru
Cc: FreeBSD Security Team <secteam@freebsd.org>
Subject: Re: bin/140356: [patch] OpenSSL in base: fix CVE-2009-3555
Date: Sat, 07 Nov 2009 16:22:08 -0800

 Given that this is a rather obscure issue (not many people use client
 certificates) I'd like to wait until there is more consensus about how
 this should be fixed -- it may be that the conclusion will be that the
 approach taken by the OpenSSL team, of disabling renegotiation, is
 not the right solution.
 
 -- 
 Colin Percival
 Security Officer, FreeBSD | freebsd.org | The power to serve
 Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid


