bin/140356: [patch] OpenSSL in base: fix CVE-2009-3555

Colin Percival cperciva at
Sun Nov 8 00:30:08 UTC 2009

The following reply was made to PR bin/140356; it has been noted by GNATS.

From: Colin Percival <cperciva at>
To: bug-followup at, rea-fbsd at
Cc: FreeBSD Security Team <secteam at>
Subject: Re: bin/140356: [patch] OpenSSL in base: fix CVE-2009-3555
Date: Sat, 07 Nov 2009 16:22:08 -0800

 Given that this is a rather obscure issue (not many people use client
 certificates) I'd like to wait until there is more consensus about how
 this should be fixed -- it may be that the conclusion will be that the
 approach taken by the OpenSSL team, of disabling renegotiation, is
 not the right solution.
 Colin Percival
 Security Officer, FreeBSD | | The power to serve
 Founder / author, Tarsnap | | Online backups for the truly paranoid
