Date: Sun, 3 Jun 2012 21:52:36 -0500 From: Scot Hetzel <swhetzel@gmail.com> To: Oleg Moskalenko <oleg.moskalenko@citrix.com> Cc: "mm@freebsd.org" <mm@freebsd.org>, "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org> Subject: Re: Libevent2 port is not passing SSL regression tests Message-ID: <CACdU%2Bf_7pVPwh-MYPiksmbcn=CenkKZ9bE_hB=Whm8m_-DgOZg@mail.gmail.com> In-Reply-To: <031222CBCF33214AB2EB4ABA279428A3011A2D0170BB@SJCPMAILBOX01.citrite.net> References: <031222CBCF33214AB2EB4ABA279428A3011A2D0170B9@SJCPMAILBOX01.citrite.net> <031222CBCF33214AB2EB4ABA279428A3011A2D0170BB@SJCPMAILBOX01.citrite.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jun 3, 2012 at 5:29 PM, Oleg Moskalenko <oleg.moskalenko@citrix.com> wrote: > I got reply from libevent guys: > > ====================================== > This is actually an openssl bug that prevents OpenSSL 1.0.1 from > renegotiating with itself successfully when it has negotiated TLS 1.1 or > TLS 1.2. > > It doesn't seem to have an OpenSSL ticket yet; we only figured it out > yesterday on the Tor bugtracker. See > https://trac.torproject.org/projects/tor/ticket/6033 for what we learned > there. With any luck, this should be fixed in openssl 1.0.1d or 1.0.1e. > It is nothing to worry about, unless you're using renegotiation with > OpenSSL and TLS 1.1 or TLS 1.2. > Looks like OpenSSL has a fix for this: http://cvs.openssl.org/chngview?cn=22567 We might want to add a patch to the OpenSSL port to fix this before 1.01d is released. Scot
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACdU%2Bf_7pVPwh-MYPiksmbcn=CenkKZ9bE_hB=Whm8m_-DgOZg>