Date: Sat, 19 Dec 2009 14:13:40 +0300 From: Maxim Dounin <mdounin@mdounin.ru> To: "H. Ingow" <hingow@googlemail.com> Cc: freebsd-stable@freebsd.org Subject: Re: SSL appears to be broken in 8-STABLE/RELEASE Message-ID: <20091219111339.GH43547@mdounin.ru> In-Reply-To: <f7206c210912190058u36222a04ge474279af10c9990@mail.gmail.com> References: <f7206c210912190058u36222a04ge474279af10c9990@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello! On Sat, Dec 19, 2009 at 09:58:49AM +0100, H. Ingow wrote: [...] > Please try to compile your application against the version of openssl > available in the ports tree. > > As you already mentioned (SA-09:15) breaks renegotiation with base system's > openssl by fixing > a security issue ( it actually does). > > Prerequisite for the following is, of course, to install > /usr/ports/security/openssl which will give you > openssl 0.9.8l . (You do not necessarily have to remove the base openssl) OpenSSL 0.9.8l has renegotiation disabled too, this won't help. The only difference is that 0.9.8l has some means to re-enable legacy renegotiation which may be utilized by applications which are aware of the problem. Maxim Dounin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091219111339.GH43547>