Christian Heimes <li...@cheimes.de> added the comment: Apache mod_ssl implements CVE-2009-3555 by carefully tracking renegotiation state through-out the code base and a custom IO layer that refuses IO when the reneg_state becomes invalid.
[1] https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_private.h#L502-L513 [2] https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_engine_io.c#L202-L250 ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue32257> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
