Comment 2 for bug 493392
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote Re: Please merge Openssl 0.9.8k-6 from debian testing | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
openssl advisory:
http://
"The workaround in 0.9.8l simply bans all renegotiation. Because of the
nature of the attack, this is only an effective defence when deployed
on servers. Upgraded clients will still be vulnerable.
Servers that need renegotiation to function correctly obviously cannot
deploy this fix without breakage."