Date:      Sun, 20 Dec 2009 00:20:56 +1100
From:      Sean <sean@gothic.net.au>
To:        Maxim Dounin <mdounin@mdounin.ru>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: SSL appears to be broken in 8-STABLE/RELEASE
Message-ID:  <843DDCC0-9A02-40BD-BCD2-931F9A874C15@gothic.net.au>
In-Reply-To: <20091219122914.GJ43547@mdounin.ru>
References:  <f7206c210912190058u36222a04ge474279af10c9990@mail.gmail.com> <20091219111339.GH43547@mdounin.ru> <0edc3b334fc301f51193354f7a0da61b.HRCIM@webmail.1command.com> <20091219122914.GJ43547@mdounin.ru>


On 19/12/2009, at 11:29 PM, Maxim Dounin wrote:
>
> No, my previous suggestion is unrelated.
>
> Additionally, to re-enable renegotiation in openssl 0.9.8l you
> need an application which is able to set
> SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s->s3->flags.  I
> haven't seen any yet, and google codesearch is able
> to find only one such app (proftpd).
>

Unrelated to the issue at hand with Apache, but tor is also broken by it, as it renegotiates the connection.

tor-devel using openssl 0.9.8l sets the flag, and always used renegotiation safely (i.e. by disregarding anything which occurred prior to the renegotiation) which Apache doesn't.



> Maxim Dounin