Date: Thu, 10 Dec 2009 06:41:00 -0800 From: "Barry Raveendran Greene" <bgreene@senki.org> To: =?UTF-8?Q?'Bogdan_=C4=86ulibrk'?= <bc@default.rs>, <freebsd-security@freebsd.org> Cc: wollman@bimajority.org Subject: RE: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl Message-ID: <000301ca79a6$d24cc8e0$76e65aa0$@org> In-Reply-To: <4B20D86B.7080800@default.rs> References: <4B20D86B.7080800@default.rs>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Actually, pretty much anyone who uses client certificates in an > > enterprise environment is likely to have a problem with this, which > is > > why the IETF TLS working group is working on publishing a protocol > > fix. It looks like that RFC should be published, at Proposed > > Standard, in a few weeks, and most vendors look prepared to release > > implementations of the fix immediately thereafter (as soon as the > > relevant constants are assigned by IANA). > > > > -GAWollman >=20 > This advisory kinda made big problem here in local (things stopped > working). I had to do rollback this update because of "session > renegotiation" breakage. >=20 > Is there some workaround to make things work along with this advisory? > Maybe switch to ports/security/openssl ? >=20 > Can anyone comment on this one? > Thanks in advance. You will have to wait on the TLS Working Group in the IETF to finish if = your application needs renegotiation. The "HOT PAGE" on this topic for = the industry is here: http://www.icasi.org/tls-ssl.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000301ca79a6$d24cc8e0$76e65aa0$>