Mailinglist Archive: opensuse-bugs (4919 mails)
| < Previous | Next > |
[Bug 588671] New: Provide openssl-0.8.9m to solve TLS renegotiation issue
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Tue, 16 Mar 2010 14:56:25 +0000
- Message-id: <bug-588671-21960@xxxxxxxxxxxxxxxxxxxxxxxx/>
http://bugzilla.novell.com/show_bug.cgi?id=588671
http://bugzilla.novell.com/show_bug.cgi?id=588671#c0
Summary: Provide openssl-0.8.9m to solve TLS renegotiation
issue
Classification: openSUSE
Product: openSUSE 11.2
Version: Final
Platform: x86-64
OS/Version: openSUSE 11.2
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
AssignedTo: security-team@xxxxxxx
ReportedBy: weisz@xxxxxxxxxxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.9.1.2)
Gecko/20090803 Firefox/3.5.2
The TLS renegotiation issue has up to now been solved by SuSE by disabling it.
The RFC 5746 which solves the problem has been integrated into openssl-0.9.8m.
So please provide openSuSE-conformant RPMs with this version.
As a successor step please compile apache-2.2.15 which is already available as
a SuSE RPM against that version of openssl. This provides the web site with the
option to accept or deny TLS renegotiation requests without the provision of
the security feature introduced RFC 5746. This will be a real solution to bug
558176 whose status is "resolved upstream" but in reality is still unsolved.
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=588671#c0
Summary: Provide openssl-0.8.9m to solve TLS renegotiation
issue
Classification: openSUSE
Product: openSUSE 11.2
Version: Final
Platform: x86-64
OS/Version: openSUSE 11.2
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
AssignedTo: security-team@xxxxxxx
ReportedBy: weisz@xxxxxxxxxxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.9.1.2)
Gecko/20090803 Firefox/3.5.2
The TLS renegotiation issue has up to now been solved by SuSE by disabling it.
The RFC 5746 which solves the problem has been integrated into openssl-0.9.8m.
So please provide openSuSE-conformant RPMs with this version.
As a successor step please compile apache-2.2.15 which is already available as
a SuSE RPM against that version of openssl. This provides the web site with the
option to accept or deny TLS renegotiation requests without the provision of
the security feature introduced RFC 5746. This will be a real solution to bug
558176 whose status is "resolved upstream" but in reality is still unsolved.
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
| < Previous | Next > |