From: Bogdan Ćulibrk
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, wollman@bimajority.org
Date: Thu, 10 Dec 2009 13:22:42 +0100
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl
Message-ID: <4B20E812.508@default.rs>
References: <4B20D86B.7080800@default.rs> <86my1rm4ic.fsf@ds4.des.no>
In-Reply-To: <86my1rm4ic.fsf@ds4.des.no>

Dag-Erling Smørgrav wrote:
> Bogdan Ćulibrk writes:
>> This advisory kinda made big problem here in local (things stopped
>> working). I had to do rollback this update because of "session
>> renegotiation" breakage.
>
> That's the whole point, the patch disables session renegotiation because
> it's fundamentally broken.
>
>> Is there some workaround to make things work along with this advisory?
>
> You didn't mention *what* stopped working.
>
>> Maybe switch to ports/security/openssl ?
>
> Won't make any difference.
>
> DES

Hello,

basically the whole communication between two applications relied on using exactly this "functionality" in openssl.