Date:      Thu, 3 Dec 2009 17:52:58 -0500
From:      Garrett Wollman <wollman@bimajority.org>
To:        freebsd-security@freebsd.org
Subject:   FreeBSD Security Advisory FreeBSD-SA-09:15.ssl
Message-ID:  <19224.16714.510240.508679@hergotha.csail.mit.edu>
In-Reply-To: <200912030930.nB39UdMK037494@freefall.freebsd.org>
References:  <200912030930.nB39UdMK037494@freefall.freebsd.org>

<<On Thu, 3 Dec 2009 09:30:39 GMT, FreeBSD Security Advisories <security-advisories@freebsd.org> said:

> NOTE WELL: This update causes OpenSSL to reject any attempt to renegotiate
> SSL / TLS session parameters.  As a result, connections in which the other
> party attempts to renegotiate session parameters will break.  In practice,
> however, session renegotiation is a rarely-used feature, so disabling this
> functionality is unlikely to cause problems for most systems.

Actually, pretty much anyone who uses client certificates in an
enterprise environment is likely to have a problem with this, which is
why the IETF TLS working group is working on publishing a protocol
fix.  It looks like that RFC should be published, at Proposed
Standard, in a few weeks, and most vendors look prepared to release
implementations of the fix immediately thereafter (as soon as the
relevant constants are assigned by IANA).

-GAWollman



