openssl advisory: http://www.openssl.org/news/secadv_20091111.txt
"The workaround in 0.9.8l simply bans all renegotiation. Because of the nature of the attack, this is only an effective defence when deployed on servers. Upgraded clients will still be vulnerable. Servers that need renegotiation to function correctly obviously cannot deploy this fix without breakage." -- Please merge Openssl 0.9.8k-6 from debian testing https://bugs.launchpad.net/bugs/493392 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs