openssl advisory:
http://www.openssl.org/news/secadv_2009.txt
"The workaround in 0.9.8l simply bans all renegotiation. Because of the
nature of the attack, this is only an effective defence when deployed
on servers. Upgraded clients will still be vulnerable.
Servers that need renegotiation t
Warning: this is the version that has ssl renegotiation completely
disabled as a fix for CVE-2009-3555. This may break applications that we
support.
>From the openssl changelog:
*) Disable renegotiation completely - this fixes a severe security
problem at the cost of breaking all renegotia
** Branch linked: lp:~nvalcarcel/ubuntu/lucid/openssl/openssl-merge
--
Please merge Openssl 0.9.8k-6 from debian testing
https://bugs.launchpad.net/bugs/493392
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Changed in: openssl (Ubuntu)
Status: In Progress => Confirmed
--
Please merge Openssl 0.9.8k-6 from debian testing
https://bugs.launchpad.net/bugs/493392
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing l