Message-ID: <4B2101D8.7010201@obluda.cz>
Date: Thu, 10 Dec 2009 15:12:40 +0100
From: Dan Lukes
To: freebsd-security@freebsd.org
In-Reply-To: <4B20E812.508@default.rs>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl

Bogdan Ćulibrk napsal/wrote, On 12/10/09 13:22:
>> That's the whole point, the patch disables session renegotiation because
>> it's fundamentally broken.
>>
>>> Is there some workaround to make things work along with this advisory?
>>
>> You didn't mention *what* stopped working.
> basically whole communication between two applications relied on using
> exactly this "functionality" in openssl.

AFAIK, no.

Even after the patch has been installed, my browser is still able to
connect to SSL aware HTTP servers. My MUA is still sending/receiving
emails over SMTP/SSL and IMAP/SSL ...

I'm not saying you have no problem, I'm saying the problem is not as
general as you claim.

So we need an exact description of your problem.

Dan