[Bug 553251] [NEW] nss should use transitional scheme for renegotiation

Jamie Strandboge Thu, 01 Apr 2010 05:40:58 -0700

Public bug reported:

3.12.6-0ubuntu1 in Ubuntu includes a fix for CVE-2009-3555, however it
uses strict checking which breaks clients connecting to unpatched
servers. This is http://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=561918. While not the current upstream default,
transitional is the recommendation from upstream (from email exchange).


** Affects: nss (Ubuntu)
     Importance: High
     Assignee: Chris Coulson (chrisccoulson)
         Status: In Progress

** Changed in: nss (Ubuntu)
   Importance: Undecided => High

** Changed in: nss (Ubuntu)
       Status: New => In Progress

** Changed in: nss (Ubuntu)
    Milestone: None => ubuntu-10.04-beta-2

** Changed in: nss (Ubuntu)
     Assignee: (unassigned) => Chris Coulson (chrisccoulson)

-- 
nss should use transitional scheme for renegotiation
https://bugs.launchpad.net/bugs/553251
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 553251] [NEW] nss should use transitional scheme for renegotiation

Reply via email to