SSL appears to be broken in 8-STABLE/RELEASE
Chris H
chris# at 1command.com
Sat Dec 19 11:24:00 UTC 2009
On Sat, December 19, 2009 3:13 am, Maxim Dounin wrote:
> Hello!
>
>
> On Sat, Dec 19, 2009 at 09:58:49AM +0100, H. Ingow wrote:
>
>
> [...]
>
>
>> Please try to compile your application against the version of openssl
>> available in the ports tree.
>>
>> As you already mentioned (SA-09:15) breaks renegotiation with base system's
>> openssl by fixing a security issue ( it actually does).
>>
>> Prerequisite for the following is, of course, to install
>> /usr/ports/security/openssl which will give you
>> openssl 0.9.8l . (You do not necessarily have to remove the base openssl)
>
> OpenSSL 0.9.8l has renegotiation disabled too, this won't help.
>
>
> The only difference is that 0.9.8l has some means to re-enable
> legacy renegotiation which may be utilized by applications which are aware of the
> problem.
Which is exactly what's required to implement your previous suggestion. :)
--Chris H
>
> Maxim Dounin
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
>
>
More information about the freebsd-stable
mailing list