On 19/12/2009, at 11:29 PM, Maxim Dounin wrote:
>
> No, my previous suggestion is unrelated.
>
> Additionally, to re-enable renegotiation in openssl 0.9.8l you
> need an application which is able to set
> SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s->s3->flags. I
> haven't seen any yet, and google codesearch is able
> to find only one such app (proftpd).
>
Unrelated to the issue at hand with Apache, but tor is also broken by it, as it renegotiates the connection. tor-devel using openssl 0.9.8l sets the flag, and always used renegotiation safely (i.e. by disregarding anything which occurred prior to the renegotiation) which Apache doesn't.

> Maxim Dounin
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"