shibboleth-dev - OpenSSL Renegotiation bug
Subject: Shibboleth Developers
List archive
- From: Lukas Haemmerle <>
- To:
- Subject: OpenSSL Renegotiation bug
- Date: Mon, 16 Nov 2009 12:52:49 +0100
- Organization: SWITCH - Serving Swiss Universities
I just read about the OpenSSL Renegotiation issue and were wondering
whether this affects the Shibboleth SP. In particular, if X.509
clientAuth is enabled on a directory/location basis and not for the
whole VirtualHost, renegotiation is used if I remember correctly.
So, this could affect some installations if they upgrade their openssl
version whose default then is set to not use renegotiation.
Infos:
http://openssl.org/news/secadv_20091111.txt
http://isc.sans.org/diary.html?storyid=7543
Cheers
Lukas
--
SWITCH
Serving Swiss Universities
--------------------------
Lukas Haemmerle, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 64, fax +41 44 268 15 68
,
http://www.switch.ch
- OpenSSL Renegotiation bug, Lukas Haemmerle, 11/16/2009
- Re: [Shib-Dev] OpenSSL Renegotiation bug, Chad La Joie, 11/16/2009
- RE: [Shib-Dev] OpenSSL Renegotiation bug, Scott Cantor, 11/16/2009
- Re: [Shib-Dev] OpenSSL Renegotiation bug, Von Welch, 11/16/2009
- Re: [Shib-Dev] OpenSSL Renegotiation bug, Peter Williams, 11/16/2009
- Re: [Shib-Dev] OpenSSL Renegotiation bug, Von Welch, 11/16/2009
- RE: [Shib-Dev] OpenSSL Renegotiation bug, Scott Cantor, 11/16/2009
- RE: [Shib-Dev] OpenSSL Renegotiation bug, Scott Cantor, 11/16/2009
- Re: [Shib-Dev] OpenSSL Renegotiation bug, Chad La Joie, 11/16/2009
Archive powered by MHonArc 2.6.16.