On Sat, December 19, 2009 3:13 am, Maxim Dounin wrote:
> Hello!
>
>
> On Sat, Dec 19, 2009 at 09:58:49AM +0100, H. Ingow wrote:
>
>
> [...]
>
>
>> Please try to compile your application against the version of openssl
>> available in the ports tree.
>>
>> As you already mentioned (SA-09:15) breaks renegotiation with base system's
>> openssl by fixing a security issue (it actually does).
>>
>> Prerequisite for the following is, of course, to install
>> /usr/ports/security/openssl which will give you
>> openssl 0.9.8l. (You do not necessarily have to remove the base openssl)
>
> OpenSSL 0.9.8l has renegotiation disabled too, this won't help.
>
>
> The only difference is that 0.9.8l has some means to re-enable
> legacy renegotiation which may be utilized by applications which are aware of
> the problem.
Which is exactly what's required to implement your previous suggestion. :)

--Chris H
>
> Maxim Dounin
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
>
>

