[openssl-dev] Renegotiation ticket 3712
Mody, Darshan (Darshan)
darshanmody at avaya.com
Mon Apr 3 10:24:45 UTC 2017
Thanks Matt,
Just another query. Is the issue addressed in the latest openssl 1.1.0?
Regards
Darshan
-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
Sent: Monday, April 03, 2017 2:53 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] Renegotiation ticket 3712
On 02/04/17 04:50, Mody, Darshan (Darshan) wrote:
> Hi Matt,
>
> Is re-negotiation fixed with openssl 1.1.0 ?
> https://urldefense.proofpoint.com/v2/url?u=https-3A__rt.openssl.org_Ti
> cket_Display.html-3Fid-3D3712-26user-3Dguest-26pass-3Dguesthttps-3A__r
> t.openssl.org_Ticket_Display.html-3Fid-3D3712-26user-3Dguest-26pass-3D
> guest&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXza
> IDagy9EuEhJrKfQ&m=0_oGDu1Nd351FfLBQxFRBsvQxamucuAh4kuC9XC9rng&s=Ni8yD4
> vI9arECJEB4AvTHTPslAIBDOyQYItrnXI8Ho8&e=
>
> From the ticket it seems its marked resolved but your patch is not in
> the openssl base due to possible vulnerabilities.
No, this issue is not fixed. It would require a major overhaul to properly fix it, and I don't think it is considered worth it for this issue.
Matt
--
openssl-dev mailing list
To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=0_oGDu1Nd351FfLBQxFRBsvQxamucuAh4kuC9XC9rng&s=u1jQpWruXjaddyFVQW6x3TnRYA3CsHe1XzBwNlHn3p0&e=
More information about the openssl-dev
mailing list