[openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken
Matt Caswell via RT
rt at openssl.org
Fri Oct 16 11:00:09 UTC 2015
On 16/10/15 11:57, Kurt Roeckx via RT wrote:
> On Fri, Oct 16, 2015 at 08:53:06AM +0000, Matt Caswell via RT wrote:
>>
>> So now I really don't know what the "right" way forward is. Should we be
>> applying the patch or not?
>
> Has anybody contact Oracle about this issue? It seems useful that
> they fix it on their end, regardless of what we do.
No, but according to the spec they are doing it right - nothing to fix.
That's part of the problem: the spec says one thing but the advice we
are getting from TLS WG says something slightly different.
Matt
More information about the openssl-dev
mailing list