Results 1 to 2 of 2

Thread: Caution on latest openssl update

  1. #1

    Default Caution on latest openssl update

    hopefully i will be the only one that even notices this, but the latest openssl update broke some trouble-free operations that i do daily.

    heads up to those that may connect to others that have not updated, because it doesn't appear to have complete backward compatibility.

  2. #2
    Join Date
    Oct 2008
    Location
    Birmingham. AL
    Posts
    858

    Default Re: Caution on latest openssl update

    The problem is that the only way to stop the man-in-the-middle attacks allowed by the vulnerability in SSL V.3 is to prevent renegotiation. Some sites have apparently been set up to use that, and those are probably the ones that are causing issues for you.

    I don't know enough about SSL to estimate if (or when) the actual vulnerability in SSL V.3 will be addressed. For now, the workaround is just to prevent renegotiation.

    It's an either/or: you can back out of the patch and be vulnerable, but have access to many sites; or, you can use the patch, do without renegotiation, and put up with problems on some Web sites.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •