bin/140356: [patch] OpenSSL in base: fix CVE-2009-3555
Colin Percival
cperciva at freebsd.org
Sun Nov 8 00:30:08 UTC 2009
The following reply was made to PR bin/140356; it has been noted by GNATS.
From: Colin Percival <cperciva at freebsd.org>
To: bug-followup at FreeBSD.org, rea-fbsd at codelabs.ru
Cc: FreeBSD Security Team <secteam at freebsd.org>
Subject: Re: bin/140356: [patch] OpenSSL in base: fix CVE-2009-3555
Date: Sat, 07 Nov 2009 16:22:08 -0800
Given that this is a rather obscure issue (not many people use client
certificates) I'd like to wait until there is more consensus about how
this should be fixed -- it may be that the conclusion will be that the
approach taken by the OpenSSL team, of disabling renegotiation, is
not the right solution.
--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid