You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2010/03/04 18:19:27 UTC
DO NOT REPLY [Bug 48859] New: clarification on OpenSSL 0.9.8l -
Renegotiating vulnerability
https://issues.apache.org/bugzilla/show_bug.cgi?id=48859
Summary: clarification on OpenSSL 0.9.8l - Renegotiating
vulnerability
Product: Apache httpd-2
Version: 2.2.14
Platform: PC
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P2
Component: Build
AssignedTo: bugs@httpd.apache.org
ReportedBy: rajat.ray@gmail.com
Hi,
Wanted a clarification on OpenSSL 0.9.8l ( CVE-2009-3555 - TLS / SSLv3
Renegotiating vulnerability) . When I execute the following
./openssl s_client -connect www.testapp.com:8090
--- [snipped... openssl output]
HEAD / HTTP/1.0
R
RENEGOTIATING
<Enter>
The below output is shown
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"7777-1266209541000"
Last-Modified: Mon, 15 Feb 2010 04:52:21 GMT
Content-Type: text/html
Content-Length: 7777
Date: Wed, 03 Mar 2010 17:44:54 GMT
Connection: close
What I want to know is if this should output the header details or should that
be suppressed also. As per a lot of forums I should get this error
“28874:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:530:”
OR
The connection blocks and timeouts after a while
Could someone please clarify.
Thanks
Rajat
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48859] clarification on OpenSSL 0.9.8l -
Renegotiating vulnerability
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48859
Ruediger Pluem <rp...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |DUPLICATE
--- Comment #1 from Ruediger Pluem <rp...@apache.org> 2010-03-04 18:05:28 UTC ---
*** This bug has been marked as a duplicate of bug 48850 ***
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org