Hi, we need the following to properly fix that issue.

Fixed in 0.9.8m [25 Feb 2010] that follows http://tools.ietf.org/html/rfc5746

  *) Implement RFC5746. Re-enable renegotiation but require the extension
     as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
     turns out to be a bad idea. It has been replaced by
     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
     SSL_CTX_set_options(). This is really not recommended unless you
     know what you are doing.
     [Eric Rescorla <e...@networkresonance.com>, Ben Laurie, Steve Henson]

It should be better to switch to 0.9.8n [24 Mar 2010]. Ideally, switch directly to 1.0.0 [29 Mar 2010] to avoid many security issues and reestablish SSL security in Ubuntu; otherwise there will be a high risk when using Ubuntu server edition with services like Apache, Postfix, etc.

--
CVE-2009-3555 OpenSSL need to be updated to close TLS MITM attack
https://bugs.launchpad.net/bugs/484417