On Fri, Dec 25, 2009 at 05:06:14PM +0200, Stefanos Harhalakis wrote: > Hello, > > I also have this problem. > > Looking at the source code, proftpd assumes that ssl renegotiation only needs > to be enabled with openssl >=0.8.9l (Testing/Unstable have 0.8.9k where it is > enabled). However, upload of 0.8.9k-6 for debian disabled that: > > openssl (0.9.8k-6) unstable; urgency=low > > * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829) > > -- Kurt Roeckx <k...@roeckx.be> Thu, 12 Nov 2009 18:10:31 +0000 > > Proftpd needs to be changed to enable renegotiations even with the current > debian version of openssl. > > This may also need to be accompanied by a modification in the "Depends" for > proper openssl version. >
Ah thanks, I did not note that. -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
