[arch-dev-public] [signoff] openssl 0.9.8l-1

Pierre Schmitz pierre at archlinux.de
Fri Nov 6 02:29:50 EST 2009


you might have heard from the possible MTM attack against TLS. Openssl has
released a new version which disabled the affected renegotiation feature.
We should move this to core soon.

For more information see http://extendedsubset.com/?p=8 and

Please note that this is more or less a protocol design flaw which means
that every SSL implementation should be affected, not only openssl (e.g.
Firefox uses nss and there is also gnutls). So we should have a look at
those packages, too.


Pierre Schmitz, https://users.archlinux.de/~pierre

More information about the arch-dev-public mailing list