SSL renegotiation was identified as a security hole in SSL processing. 
It is normally disabled in 0.9.8l.

Carter

Carter Browne
CBCS
cbro...@cbcs-usa.com
781-721-2890



Lou Picciano wrote:
> Anyone have any ideas on this?
>
> Have recently updated an otherwise working environment to include
> openSSL v0.9.8l.  Suddenly, mod_ssl is reporting:
>
> Re-negotiation handshake failed: Not accepted by client!?
>
> Other than a refresh of CRL, this configuration has been running AOK
> through openSSL 0.9.8k...
> Before we embark on the complete rebuild of the server:  Would a
> version of mod_ssl compiled against 0.9.8k utterly choke on 0.9.8l?
>
> Many thanks in advance, Lou
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to