On Thursday 12 November 2009, Kurt Roeckx wrote:
> On Wed, Nov 11, 2009 at 11:16:19PM +0100, Enrique D. Bosch wrote:
> > In particular, practical attacks exists against HTTPS and could
> > affect other protocols that use SSL/TLS.
> 
> It's my understanding that there is a patch for mod_ssl that
> should prevent it and which does not require changes to openssl.
> But it probably has just the same problems as the 0.9.8l version.

The mod_ssl patch only rejects renegotiations requested by the client. 
This means with the patch, configurations that don't cause apache to 
request a reneg should be safe. 



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to