Date: Sat, 19 Dec 2009 03:23:57 -0800 (PST) From: "Chris H" <chris#@1command.com> To: freebsd-stable@freebsd.org Subject: Re: SSL appears to be broken in 8-STABLE/RELEASE Message-ID: <0edc3b334fc301f51193354f7a0da61b.HRCIM@webmail.1command.com> In-Reply-To: <20091219111339.GH43547@mdounin.ru> References: <f7206c210912190058u36222a04ge474279af10c9990@mail.gmail.com> <20091219111339.GH43547@mdounin.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, December 19, 2009 3:13 am, Maxim Dounin wrote: > Hello! > > > On Sat, Dec 19, 2009 at 09:58:49AM +0100, H. Ingow wrote: > > > [...] > > >> Please try to compile your application against the version of openssl >> available in the ports tree. >> >> As you already mentioned (SA-09:15) breaks renegotiation with base system's >> openssl by fixing a security issue ( it actually does). >> >> Prerequisite for the following is, of course, to install >> /usr/ports/security/openssl which will give you >> openssl 0.9.8l . (You do not necessarily have to remove the base openssl) > > OpenSSL 0.9.8l has renegotiation disabled too, this won't help. > > > The only difference is that 0.9.8l has some means to re-enable > legacy renegotiation which may be utilized by applications which are aware of the > problem. Which is exactly what's required to implement your previous suggestion. :) --Chris H > > Maxim Dounin > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0edc3b334fc301f51193354f7a0da61b.HRCIM>