From: Dag-Erling Smørgrav
To: Dan Lukes
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl
Date: Thu, 10 Dec 2009 15:55:35 +0100
Message-ID: <86hbrylvyw.fsf@ds4.des.no>
In-Reply-To: <4B2101D8.7010201@obluda.cz> (Dan Lukes's message of "Thu, 10 Dec 2009 15:12:40 +0100")

Dan Lukes writes:
> Even after the patch has been installed, my browser is still able to
> connect to SSL aware HTTP servers. My MUA is still sending/receiving
> emails over SMTP/SSL and IMAP/SSL ...

Do you use client-side certificates?

> I'm not saying you have no problem, I'm saying the problem is not as
> general as you claim. So we need exact description of your problem.

Language barrier. What he actually meant was "all communication between
these two applications that we use relies on session renegotiation"
without specifying exactly *which* applications, probably because
they're in-house and / or confidential.

DES
-- 
Dag-Erling Smørgrav - des@des.no