[openssl-dev] Renegotiation ticket 3712
Matt Caswell
matt at openssl.org
Mon Apr 3 09:23:02 UTC 2017
On 02/04/17 04:50, Mody, Darshan (Darshan) wrote:
> Hi Matt,
>
> Is re-negotiation fixed with openssl 1.1.0
> ? https://rt.openssl.org/Ticket/Display.html?id=3712&user=guest&pass=guesthttps://rt.openssl.org/Ticket/Display.html?id=3712&user=guest&pass=guest
>
> From the ticket it seems its marked resolved but your patch is not in
> the openssl base due to possible vulnerabilities.
No, this issue is not fixed. It would require a major overhaul to
properly fix it, and I don't think it is considered worth it for this issue.
Matt
More information about the openssl-dev
mailing list