SSL appears to be broken in 8-STABLE/RELEASE
Sean
sean at gothic.net.au
Sat Dec 19 13:21:00 UTC 2009
On 19/12/2009, at 11:29 PM, Maxim Dounin wrote:
>
> No, my previous suggestion is unrelated.
>
> Additionally, to re-enable renegotiation in openssl 0.9.8l you
> need an application which is able to set
> SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s->s3->flags. I
> haven't seen any yet, and google codesearch is able
> to find only one such app (proftpd).
>
Unrelated to the issue at hand with Apache, but tor is also broken by it, as it renegotiates the connection.
tor-devel using openssl 0.9.8l sets the flag, and always used renegotiation safely (i.e. by disregarding anything which occurred prior to the renegotiation), which Apache doesn't.
> Maxim Dounin