httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: Tagging 2.2.15 to play openssl catchup?
Date Fri, 26 Feb 2010 11:38:41 GMT
On Fri, Feb 26, 2010 at 12:17:14PM +0100, Rainer Jung wrote:
> Isn't 0.9.8m by default still allowing unsafe renegs? So updated
> clients will be safe, but the server doesn't enforce the safetyness
> (and reject unsafe client).

No, OpenSSL now only allows secure reneg by default, so this is 
backwards-incompatible with unpatched clients by default.

> trunk already contains a patch by Joe that allows the admin to
> decide, whether he wants to reject unsafe reneg or not.
> 
> The revisions of the patch and some additiona to it are:
> 
> 906039
> 906057
> 906067
> 906116
> 906454
> 906485
> 906491
> 906493
> 908015
> 
> I guess backporting is pretty straightforward. Wouldn't it be nice
> to already support this with 2.2.15?
> 
> Joe, do you already have a candidate, or should I suggest a backport
> patch myself?

I'm working on this today.  To answer Ruediger's question: yes, the 
stuff in trunk should work with 0.9.8m since the API is the same, but I 
haven't tested it yet.

Regards, Joe

Mime
View raw message