Re: SSL renegociation vulnerability

To: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Subject: Re: SSL renegociation vulnerability
From: Brian Seklecki <seklecki%noc.cfi.pgh.pa.us@localhost>
Date: Fri, 04 Dec 2009 01:13:52 -0500

On Thu, 2009-12-03 at 04:16 +0100, Emmanuel Dreyfus wrote:
> 
> This fix is just about mod_proxy_ftp, not the whole SSL handshake bug,
> isn't it?
> 

Yea I was half asleep when I posted that.  Thanks for the catch.

However, I can confirm that:

  http://security.FreeBSD.org/patches/SA-09:15/ssl.patch

...applies cleanly.  Just made a release build.sh on netbsd-5 with it.
I certainly wont be sleeping any better, though, knowing that this is
the work-around.

~BAS

>

Follow-Ups:
- Re: SSL renegociation vulnerability
  - From: Thor Lancelot Simon

References:
- Re: SSL renegociation vulnerability
  - From: Emmanuel Dreyfus

Prev by Date: Re: SSL renegociation vulnerability
Next by Date: Re: SSL renegociation vulnerability
Previous by Thread: Re: SSL renegociation vulnerability
Next by Thread: Re: SSL renegociation vulnerability
Indexes:

Home | Main Index | Thread Index | Old Index