On 12.11.2009 17:39, Mladen Turk wrote: > Well even OpenSSL folks admitted that 0.9.8l wrongly approached > dealing to that issue. They even removed the > SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION flag from the 0.9.8 branch > and now they use SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION using > different tricks. > > So IMHO 0.9.8l is simply dead end and shouldn't be used.
+1, recent discussion on openssl list points pretty well in this direction. 0.9.8 head has the block on renegotiation problem fixed. Regards, Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
