SSL appears to be broken in 8-STABLE/RELEASE

Maxim Dounin mdounin at
Sat Dec 19 11:13:41 UTC 2009


On Sat, Dec 19, 2009 at 09:58:49AM +0100, H. Ingow wrote:


> Please try to compile your application against the version of openssl
> available in the ports tree.
> As you already mentioned (SA-09:15) breaks renegotiation with base system's
> openssl by fixing
> a security issue ( it actually does).
> Prerequisite for the following is, of course, to install
> /usr/ports/security/openssl which will give you
> openssl 0.9.8l . (You do not necessarily have to remove the base openssl)

OpenSSL 0.9.8l has renegotiation disabled too, this won't help.

The only difference is that 0.9.8l has some means to re-enable 
legacy renegotiation which may be utilized by applications which 
are aware of the problem.

Maxim Dounin

More information about the freebsd-stable mailing list