<<On Thu, 3 Dec 2009 09:30:39 GMT, FreeBSD Security Advisories <security-advisor...@freebsd.org> said:
> NOTE WELL: This update causes OpenSSL to reject any attempt to renegotiate > SSL / TLS session parameters. As a result, connections in which the other > party attempts to renegotiate session parameters will break. In practice, > however, session renegotiation is a rarely-used feature, so disabling this > functionality is unlikely to cause problems for most systems. Actually, pretty much anyone who uses client certificates in an enterprise environment is likely to have a problem with this, which is why the IETF TLS working group is working on publishing a protocol fix. It looks like that RFC should be published, at Proposed Standard, in a few weeks, and most vendors look prepared to release implementations of the fix immediately thereafter (as soon as the relevant constants are assigned by IANA). -GAWollman _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
