From owner-freebsd-security@FreeBSD.ORG Thu Jan 7 22:07:04 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7ABDA106566C for ; Thu, 7 Jan 2010 22:07:04 +0000 (UTC) (envelope-from wollman@hergotha.csail.mit.edu) Received: from hergotha.csail.mit.edu (hergotha.csail.mit.edu [66.92.79.170]) by mx1.freebsd.org (Postfix) with ESMTP id 307A28FC16 for ; Thu, 7 Jan 2010 22:07:03 +0000 (UTC) Received: from hergotha.csail.mit.edu (localhost [127.0.0.1]) by hergotha.csail.mit.edu (8.14.3/8.14.3) with ESMTP id o07M73TT097017 for ; Thu, 7 Jan 2010 17:07:03 -0500 (EST) (envelope-from wollman@hergotha.csail.mit.edu) Received: (from wollman@localhost) by hergotha.csail.mit.edu (8.14.3/8.14.3/Submit) id o07M72Hi097014; Thu, 7 Jan 2010 17:07:02 -0500 (EST) (envelope-from wollman) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <19270.23302.826607.888490@hergotha.csail.mit.edu> Date: Thu, 7 Jan 2010 17:07:02 -0500 From: Garrett Wollman To: freebsd-security@freebsd.org X-Mailer: VM 7.17 under 21.4 (patch 22) "Instant Classic" XEmacs Lucid X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (hergotha.csail.mit.edu [127.0.0.1]); Thu, 07 Jan 2010 17:07:03 -0500 (EST) X-Spam-Status: No, score=1.9 required=5.0 tests=ALL_TRUSTED, FH_DATE_PAST_20XX autolearn=disabled version=3.2.5 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on hergotha.csail.mit.edu X-Mailman-Approved-At: Thu, 07 Jan 2010 22:09:52 +0000 Subject: TLS renegotiation fix approved X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Jan 2010 22:07:04 -0000 The IESG today approved the publication of the fix for the SSL/TLS renegotiation protocol bug as a Proposed Standard. We should expect to see updates from all the major security libraries (OpenSSL, GnuTLS, and NSS) fairly quickly as the developers have all been involved in the process and have already implemented the draft version of the fix. -GAWollman