SSL appears to be broken in 8-STABLE/RELEASE
Maxim Dounin
mdounin at mdounin.ru
Sat Dec 19 11:13:41 UTC 2009
Hello!
On Sat, Dec 19, 2009 at 09:58:49AM +0100, H. Ingow wrote:
[...]
> Please try to compile your application against the version of openssl
> available in the ports tree.
>
> As you already mentioned (SA-09:15) breaks renegotiation with base system's
> openssl by fixing a security issue (it actually does).
>
> Prerequisite for the following is, of course, to install
> /usr/ports/security/openssl which will give you openssl 0.9.8l.
> (You do not necessarily have to remove the base openssl)
OpenSSL 0.9.8l has renegotiation disabled too; this won't help.
The only difference is that 0.9.8l has some means to re-enable
legacy renegotiation which may be utilized by applications which
are aware of the problem.
Maxim Dounin