tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: SSL renegociation vulnerability

To: Brian Seklecki <seklecki%noc.cfi.pgh.pa.us@localhost>
Subject: Re: SSL renegociation vulnerability
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Fri, 4 Dec 2009 11:27:09 -0500

On Fri, Dec 04, 2009 at 01:13:52AM -0500, Brian Seklecki wrote:
> 
> However, I can confirm that:
> 
>   http://security.FreeBSD.org/patches/SA-09:15/ssl.patch

If this is the patch from OpenSSL 0.9.8l it should not be applied to
NetBSD; it is broken and introduces both forward *and* backwards API
and ABI incompatibility.

Thor

Follow-Ups:
- Re: SSL renegociation vulnerability
  - From: Christos Zoulas

References:
- Re: SSL renegociation vulnerability
  - From: Emmanuel Dreyfus
- Re: SSL renegociation vulnerability
  - From: Brian Seklecki

Prev by Date: Re: SSL renegociation vulnerability
Next by Date: Re: SSL renegociation vulnerability
Previous by Thread: Re: SSL renegociation vulnerability
Next by Thread: Re: SSL renegociation vulnerability
Indexes:

Home | Main Index | Thread Index | Old Index