Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl
Maxim Dounin writes:
> It's not true. The patch (as well as OpenSSL 0.9.8l) breaks only apps that do
> not request client certs in the initial handshake, but instead do it via
> renegotiation. It's not really a commonly used feature.
The ideal case is not the typical case:
http://extendedsubset.com/Renegotiating_TLS_pd.pdf
The plain fact is that client cert auth often needs reneg in apps as
deployed in the world. Often, web servers need to check (for example) a
virtual-host-specific configuration before realizing they need to request
client cert auth.