[openssl-dev] Renegotiation ticket 3712
Matt Caswell
matt at openssl.org
Mon Apr 3 10:28:34 UTC 2017
On 03/04/17 11:24, Mody, Darshan (Darshan) wrote:
> Thanks Matt,
>
> Just another query. Is the issue addressed in the latest openssl 1.1.0?
My answer was for 1.1.0 (as was your original question)? In any case it
is not addressed in any OpenSSL version.
Matt
>
> Regards
> Darshan
>
> -----Original Message-----
> From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
> Sent: Monday, April 03, 2017 2:53 PM
> To: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] Renegotiation ticket 3712
>
>
>
> On 02/04/17 04:50, Mody, Darshan (Darshan) wrote:
>> Hi Matt,
>>
>> Is re-negotiation fixed with openssl 1.1.0 ?
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__rt.openssl.org_Ti
>> cket_Display.html-3Fid-3D3712-26user-3Dguest-26pass-3Dguesthttps-3A__r
>> t.openssl.org_Ticket_Display.html-3Fid-3D3712-26user-3Dguest-26pass-3D
>> guest&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXza
>> IDagy9EuEhJrKfQ&m=0_oGDu1Nd351FfLBQxFRBsvQxamucuAh4kuC9XC9rng&s=Ni8yD4
>> vI9arECJEB4AvTHTPslAIBDOyQYItrnXI8Ho8&e=
>>
>> From the ticket it seems its marked resolved but your patch is not in
>> the openssl base due to possible vulnerabilities.
>
> No, this issue is not fixed. It would require a major overhaul to properly fix it, and I don't think it is considered worth it for this issue.
>
> Matt
> --
> openssl-dev mailing list
> To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=0_oGDu1Nd351FfLBQxFRBsvQxamucuAh4kuC9XC9rng&s=u1jQpWruXjaddyFVQW6x3TnRYA3CsHe1XzBwNlHn3p0&e=
>
More information about the openssl-dev
mailing list