httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44961] SSL session resumption does not properly work with openssl > 0.9.8f
Date Fri, 15 Jul 2011 10:41:19 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=44961

Joe Orton <jorton@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

--- Comment #2 from Joe Orton <jorton@redhat.com> 2011-07-15 10:41:19 UTC ---
Marking this as a dupe of 47055 since there is a more extensive analysis there
and it's basically the same issue.

I've not seen anything to change my opinion at bug 47055 comment 39 but I would
love to be convinced either way.  I'd also restate long-held truism:

-> design your sites to rely on per-location renegotiation at your own peril

If I was writing mod_ssl from scratch I would omit this misfeature entirely.

*** This bug has been marked as a duplicate of bug 47055 ***

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message