httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 48850] New: clarification on OpenSSL 0.9.8l - Renegotiating vulnerability
Date Wed, 03 Mar 2010 18:41:27 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=48850

           Summary: clarification on OpenSSL 0.9.8l - Renegotiating
                    vulnerability
           Product: Apache httpd-2
           Version: 2.2.14
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Build
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: rajat.ray@gmail.com


Hi,

Wanted a clarification on OpenSSL 0.9.8l ( CVE-2009-3555 - TLS / SSLv3
Renegotiating vulnerability)  .  When I execute the following


 ./openssl s_client -connect  www.testapp.com:8090

--- [snipped... openssl output]

HEAD / HTTP/1.0
R
RENEGOTIATING
<Enter>

The below output is shown


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"7777-1266209541000"
Last-Modified: Mon, 15 Feb 2010 04:52:21 GMT
Content-Type: text/html
Content-Length: 7777
Date: Wed, 03 Mar 2010 17:44:54 GMT
Connection: close

What I want to know is if this should output the header details or should that
be suppressed also. As per a lot of forums  I should get this error
“28874:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:530:” 

OR

The connection blocks and timeouts after a while
Could someone please clarify.

Thanks
Rajat

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message