httpd-dev mailing list archives

From Colm MacCárthaigh <c...@allcosts.net>
Subject Re: TLS renegotiation attack, mod_ssl and OpenSSL
Date Fri, 06 Nov 2009 18:24:18 GMT
On Thu, Nov 5, 2009 at 6:01 AM, Joe Orton <jorton@redhat.com> wrote:
> 3. some mod_ssl configurations, typically requiring client cert auth in
> a per-directory/location context, do require the server to initiate a
> renegotiation.

For this, shouldn't it be sufficient for us to discard any pending
input that arrived prior to the reneg?

-- 
Colm
