Caution on latest openssl update

hopefully i will be the only one that even notices this, but the latest openssl update broke some trouble-free operations that i do daily.

heads up to those that may connect to others that have not updated, because it doesn’t appear to have complete backward compatibility.

The problem is that the only way to stop the man-in-the-middle attacks allowed by the vulnerability in SSL V.3 is to prevent renegotiation. Some sites have apparently been set up to use that, and those are probably the ones that are causing issues for you.

I don’t know enough about SSL to estimate if (or when) the actual vulnerability in SSL V.3 will be addressed. For now, the workaround is just to prevent renegotiation.

It’s an either/or: you can back out of the patch and be vulnerable, but have access to many sites; or, you can use the patch, do without renegotiation, and put up with problems on some Web sites.