Thanks Matt, Just another query. Is the issue addressed in the latest openssl 1.1.0?
Regards Darshan -----Original Message----- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Matt Caswell Sent: Monday, April 03, 2017 2:53 PM To: openssl-dev@openssl.org Subject: Re: [openssl-dev] Renegotiation ticket 3712 On 02/04/17 04:50, Mody, Darshan (Darshan) wrote: > Hi Matt, > > Is re-negotiation fixed with openssl 1.1.0 ? > https://urldefense.proofpoint.com/v2/url?u=https-3A__rt.openssl.org_Ti > cket_Display.html-3Fid-3D3712-26user-3Dguest-26pass-3Dguesthttps-3A__r > t.openssl.org_Ticket_Display.html-3Fid-3D3712-26user-3Dguest-26pass-3D > guest&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXza > IDagy9EuEhJrKfQ&m=0_oGDu1Nd351FfLBQxFRBsvQxamucuAh4kuC9XC9rng&s=Ni8yD4 > vI9arECJEB4AvTHTPslAIBDOyQYItrnXI8Ho8&e= > > From the ticket it seems its marked resolved but your patch is not in > the openssl base due to possible vulnerabilities. No, this issue is not fixed. It would require a major overhaul to properly fix it, and I don't think it is considered worth it for this issue. Matt -- openssl-dev mailing list To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=0_oGDu1Nd351FfLBQxFRBsvQxamucuAh4kuC9XC9rng&s=u1jQpWruXjaddyFVQW6x3TnRYA3CsHe1XzBwNlHn3p0&e= -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev