httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm MacCárthaigh <c...@allcosts.net>
Subject Re: TLS renegotiation attack, mod_ssl and OpenSSL
Date Fri, 06 Nov 2009 18:57:24 GMT
2009/11/6 Colm MacCárthaigh <colm@allcosts.net>:
> On Thu, Nov 5, 2009 at 6:01 AM, Joe Orton <jorton@redhat.com> wrote
>> 3. some mod_ssl configurations, typically requiring client cert auth in
>> a per-directory/location context, do require the server to initiate a
>> renegotiation.
>
> For this, shouldn't it be sufficient for us to discard any pending
> input that arrived prior to the reneg?

To answer my own question; No, it's not, never mind.

-- 
Colm

Mime
View raw message