FreeBSD Security Advisory FreeBSD-SA-09:15.ssl

Barry Raveendran Greene bgreene at senki.org
Thu Dec 10 15:07:55 UTC 2009



> > Actually, pretty much anyone who uses client certificates in an
> > enterprise environment is likely to have a problem with this, which is
> > why the IETF TLS working group is working on publishing a protocol
> > fix.  It looks like that RFC should be published, at Proposed
> > Standard, in a few weeks, and most vendors look prepared to release
> > implementations of the fix immediately thereafter (as soon as the
> > relevant constants are assigned by IANA).
> >
> > -GAWollman
> 
> This advisory kind of caused a big problem here locally (things stopped
> working). I had to roll back this update because of "session
> renegotiation" breakage.
> 
> Is there some workaround to make things work along with this advisory?
> Maybe switch to ports/security/openssl ?
> 
> Can anyone comment on this one?
> Thanks in advance.

You will have to wait on the TLS Working Group in the IETF to finish if your application needs renegotiation. The "HOT PAGE" on this topic for the industry is here:

http://www.icasi.org/tls-ssl.html




