[Bug 493392] Re: Please merge Openssl 0.9.8k-6 from debian testing
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Dec 7 03:15:02 GMT 2009
openssl advisory:
http://www.openssl.org/news/secadv_20091111.txt
"The workaround in 0.9.8l simply bans all renegotiation. Because of the
nature of the attack, this is only an effective defence when deployed
on servers. Upgraded clients will still be vulnerable.
Servers that need renegotiation to function correctly obviously cannot
deploy this fix without breakage."
--
Please merge Openssl 0.9.8k-6 from debian testing
https://bugs.launchpad.net/bugs/493392
You received this bug notification because you are a member of Ubuntu
Sponsors for main, which is a direct subscriber.
More information about the Ubuntu-main-sponsors
mailing list