http://bugzilla.novell.com/show_bug.cgi?id=588671 http://bugzilla.novell.com/show_bug.cgi?id=588671#c0 Summary: Provide openssl-0.8.9m to solve TLS renegotiation issue Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: x86-64 OS/Version: openSUSE 11.2 Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: weisz@vcpc.univie.ac.at QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.9.1.2) Gecko/20090803 Firefox/3.5.2 The TLS renegotiation issue has up to now been solved by SuSE by disabling it. The RFC 5746 which solves the problem has been integrated into openssl-0.9.8m. So please provide openSuSE-conformant RPMs with this version. As a successor step please compile apache-2.2.15 which is already available as a SuSE RPM against that version of openssl. This provides the web site with the option to accept or deny TLS renegotiation requests without the provision of the security feature introduced RFC 5746. This will be a real solution to bug 558176 whose status is "resolved upstream" but in reality is still unsolved. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.