Op donderdag 14 februari 2013 14:31:32 schreef Arno Töll:
> On 12.02.2013 16:08, Thijs Kinkhorst wrote:
> > Do you agree on the approach? Barring any objections I'm planning to
> > release this as a DSA after the weekend.
> 
> I am by no means an expert with the SSL API, but I believe your patch to
> disable SSL compression looks fine (although diverging from upstream's
> fix as you noted). Yours looks pretty much like the fix we applied to
> Apache.
> 
> Are you sure, the negotiation patch has no side effects with respect to
> SSL compression?

I'm pretty sure, and our tests show that the new packages both disabled the 
renegotiation and compression.

> Moreover, I would suggest to announce your change in a NEWS entry for
> stable updates. People might rely on the renegotiation feature in multi
> vhost SSL setups.

Yes, I'll make a NEWS item based on the one in Apache then, and upload to 
security-master.

> Otherwise I'm happy you provided a patch. The renegotiation fix should
> also be in Wheezy.

Yes, agreed.


Cheers,
Thijs

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to